Project

General

Profile

Feature #2710

Updated by ko1 (Koichi Sasada) over 9 years ago

=begin 
  
  It was my understanding that Kernel#require was changed to not load a relative path because of a security issue (http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-core/24155). Does this security issue not apply to Kernel#load, too? Have I misunderstood the expected behavior? 
 
  $ cat a.rb  
  puts 1 
 
  $ cat b.rb  
  load 'a.rb' 
  require 'a.rb' 
 
  $ ruby1.8.7 -v b.rb  
  ruby 1.8.7 (2009-12-24 patchlevel 248) [i686-darwin9.8.0] 
  1 
  1 
 
  $ ruby1.9 -v b.rb  
  ruby 1.9.2dev (2010-02-03 trunk 26546) [i386-darwin9.8.0] 
  1 
  b.rb:2:in `require': no such file to load -- a.rb (LoadError) 
          from b.rb:2:in `<main>' 
 
  $ RUBYLIB=. ruby1.9 -v b.rb  
  ruby 1.9.2dev (2010-02-03 trunk 26546) [i386-darwin9.8.0] 
  1 
  1 
 
  Thanks, 
  Brian 
 
 =end 
 

Back