diff options
| author | matz <matz@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2006-09-14 07:25:56 +0000 |
|---|---|---|
| committer | matz <matz@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2006-09-14 07:25:56 +0000 |
| commit | d43bfa2211e21355b65889118d7bac9284557900 (patch) | |
| tree | ab726f463981a1effe9690b4b6236cb083b2791f /string.c | |
| parent | e4abff20447bfaae24de292ca8cadb3dff461f22 (diff) | |
| download | ruby-d43bfa2211e21355b65889118d7bac9284557900.tar.gz ruby-d43bfa2211e21355b65889118d7bac9284557900.tar.xz ruby-d43bfa2211e21355b65889118d7bac9284557900.zip | |
* string.c (rb_str_intern): raise SecurityError only when $SAFE
level is greater than zero. [ruby-core:08862]
* parse.y (rb_interned_p): new function to check if a string is
already interned.
* object.c (str_to_id): use rb_str_intern().
git-svn-id: http://svn.ruby-lang.org/repos/ruby/branches/ruby_1_8@10930 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'string.c')
| -rw-r--r-- | string.c | 2 |
1 files changed, 1 insertions, 1 deletions
@@ -4404,7 +4404,7 @@ rb_str_intern(s) } if (strlen(RSTRING(str)->ptr) != RSTRING(str)->len) rb_raise(rb_eArgError, "symbol string may not contain `\\0'"); - if (OBJ_TAINTED(str)) { + if (OBJ_TAINTED(str) && rb_safe_level() >= 1 && !rb_sym_interned_p(str)) { rb_raise(rb_eSecurityError, "Insecure: can't intern tainted string"); } id = rb_intern(RSTRING(str)->ptr); |