Project

General

Profile

Actions
Copy link

Bug #9976

closed

ENV doesn't raise SecurityError except for aset and delete

Added by nobu (Nobuyoshi Nakada) almost 10 years ago. Updated over 9 years ago.

Status:
Closed
Assignee:
-
Target version:
-
ruby -v:
trunk
Backport:
2.0.0: DONE, 2.1: DONE
[ruby-dev:48321]

Description

ENV#[]=ENV#delete$SAFE > 0のときにtaintedな引数をエラーにしますが、他のメソッドでエラーになりません。

Actions
Copy link
 #1 [ruby-dev:48322]

Updated by nobu (Nobuyoshi Nakada) almost 10 years ago

  • Status changed from Open to Closed
  • % Done changed from 0 to 100

Applied in changeset r46547.

hash.c: prohibit tainted strings

  • hash.c (env_aset, env_has_key, env_assoc, env_has_value),
    (env_rassoc, env_key): prohibit tainted strings if $SAFE is
    non-zero. [Bug #9976]
Actions
Copy link
 #2 [ruby-dev:48511]

Updated by nagachika (Tomoyuki Chikanaga) over 9 years ago

  • Backport changed from 2.0.0: REQUIRED, 2.1: REQUIRED to 2.0.0: REQUIRED, 2.1: DONE

Backported into ruby_2_1 branch at r47346.

Actions
Copy link
 #3 [ruby-dev:48528]

Updated by usa (Usaku NAKAMURA) over 9 years ago

  • Backport changed from 2.0.0: REQUIRED, 2.1: DONE to 2.0.0: DONE, 2.1: DONE

backported into ruby_2_0_0 at r47492.

Actions
Copy link

Also available in: Atom PDF

Like0
Like0Like0Like0