diff options
| -rw-r--r-- | ChangeLog | 4 | ||||
| -rw-r--r-- | lib/net/smtp.rb | 8 |
2 files changed, 9 insertions, 3 deletions
@@ -1,3 +1,7 @@ +Tue Jul 29 22:36:50 2003 Minero Aoki <aamine@loveruby.net> + + * lib/net/smtp.rb (send0): do taint check only when $SAFE > 0 + Tue Jul 29 19:20:34 2003 WATANABE Hirofumi <eban@ruby-lang.org> * lib/fileutils.rb (install): support preserve timestamp. diff --git a/lib/net/smtp.rb b/lib/net/smtp.rb index 1f36f4ba1..ba4f43c37 100644 --- a/lib/net/smtp.rb +++ b/lib/net/smtp.rb @@ -490,9 +490,11 @@ module Net def send0( from_addr, to_addrs ) raise IOError, 'closed session' unless @socket raise ArgumentError, 'mail destination does not given' if to_addrs.empty? - raise SecurityError, 'tainted from_addr' if from_addr.tainted? - to_addrs.each do |to| - raise SecurityError, 'tainted to_addr' if to.tainted? + if $SAFE > 0 + raise SecurityError, 'tainted from_addr' if from_addr.tainted? + to_addrs.each do |to| + raise SecurityError, 'tainted to_addr' if to.tainted? + end end mailfrom from_addr |