From d43bfa2211e21355b65889118d7bac9284557900 Mon Sep 17 00:00:00 2001
From: matz <matz@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Thu, 14 Sep 2006 07:25:56 +0000
Subject: * string.c (rb_str_intern): raise SecurityError only when $SAFE  
 level is greater than zero.  [ruby-core:08862]

* parse.y (rb_interned_p): new function to check if a string is
  already interned.

* object.c (str_to_id): use rb_str_intern().


git-svn-id: http://svn.ruby-lang.org/repos/ruby/branches/ruby_1_8@10930 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 string.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'string.c')

diff --git a/string.c b/string.c
index 681614b13..19c1a6592 100644
--- a/string.c
+++ b/string.c
@@ -4404,7 +4404,7 @@ rb_str_intern(s)
     }
     if (strlen(RSTRING(str)->ptr) != RSTRING(str)->len)
 	rb_raise(rb_eArgError, "symbol string may not contain `\\0'");
-    if (OBJ_TAINTED(str)) {
+    if (OBJ_TAINTED(str) && rb_safe_level() >= 1 && !rb_sym_interned_p(str)) {
 	rb_raise(rb_eSecurityError, "Insecure: can't intern tainted string");
     }
     id = rb_intern(RSTRING(str)->ptr);
-- 
cgit