Project

General

Profile

Feature #2710

Updated by ko1 (Koichi Sasada) about 5 years ago

=begin

It was my understanding that Kernel#require was changed to not load a relative path because of a security issue (http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-core/24155). Does this security issue not apply to Kernel#load, too? Have I misunderstood the expected behavior?

$ cat a.rb
puts 1

$ cat b.rb
load 'a.rb'
require 'a.rb'

$ ruby1.8.7 -v b.rb
ruby 1.8.7 (2009-12-24 patchlevel 248) [i686-darwin9.8.0]
1
1

$ ruby1.9 -v b.rb
ruby 1.9.2dev (2010-02-03 trunk 26546) [i386-darwin9.8.0]
1
b.rb:2:in `require': no such file to load -- a.rb (LoadError)
from b.rb:2:in `<main>'

$ RUBYLIB=. ruby1.9 -v b.rb
ruby 1.9.2dev (2010-02-03 trunk 26546) [i386-darwin9.8.0]
1
1

Thanks,
Brian

=end

Back