diff options
author | matz <matz@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2003-03-26 07:01:14 +0000 |
---|---|---|
committer | matz <matz@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2003-03-26 07:01:14 +0000 |
commit | 5e9a18ee5bb25078e11076f9dba96c9b3b0a06e6 (patch) | |
tree | 9229296296e4a89f45b3d416b30559ee75768d44 /ext/curses | |
parent | 0a2587fa909c7db8974e0c39e1ee4d7ab544b9c9 (diff) | |
download | ruby-5e9a18ee5bb25078e11076f9dba96c9b3b0a06e6.tar.gz ruby-5e9a18ee5bb25078e11076f9dba96c9b3b0a06e6.tar.xz ruby-5e9a18ee5bb25078e11076f9dba96c9b3b0a06e6.zip |
* eval.c (avalue_splat): new function to do unary * (splat)
operator.
* eval.c (avalue_to_svalue,svalue_to_avalue,svalue_to_mrhs): do
not use implicit "to_ary" conversion.
* ext/curses/curses.c (GetWINDOW,GetMOUSE): add taint check.
* ext/curses/curses.c (curses_init_screen): ditto.
* ext/curses/curses.c (window_initialize): ditto.
* gc.c (os_each_obj): prohibit ObjectSpace#each_object in safe
mode ($SAFE >= 4).
git-svn-id: http://svn.ruby-lang.org/repos/ruby/trunk@3616 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'ext/curses')
-rw-r--r-- | ext/curses/curses.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/ext/curses/curses.c b/ext/curses/curses.c index fa29263bc..a666cce89 100644 --- a/ext/curses/curses.c +++ b/ext/curses/curses.c @@ -75,6 +75,8 @@ no_window() } #define GetWINDOW(obj, winp) do {\ + if (!OBJ_TAINTED(obj) && rb_safe_level() >= 4)\ + rb_raise(rb_eSecurityError, "Insecure: operation on untainted window");\ Data_Get_Struct(obj, struct windata, winp);\ if (winp->window == 0) no_window();\ } while (0) @@ -113,6 +115,7 @@ prep_window(class, window) static VALUE curses_init_screen() { + rb_secure(4); if (rb_stdscr) return rb_stdscr; initscr(); if (stdscr == 0) { @@ -593,6 +596,8 @@ no_mevent() } #define GetMOUSE(obj, data) do {\ + if (!OBJ_TAINTED(obj) && rb_safe_level() >= 4)\ + rb_raise(rb_eSecurityError, "Insecure: operation on untainted mouse");\ Data_Get_Struct(obj, struct mousedata, data);\ if (data->mevent == 0) no_mevent();\ } while (0) @@ -677,6 +682,7 @@ window_initialize(obj, h, w, top, left) struct windata *winp; WINDOW *window; + rb_secure(4); curses_init_screen(); Data_Get_Struct(obj, struct windata, winp); if (winp->window) delwin(winp->window); |