зеркало из https://github.com/github/ruby.git
file.c: preserve encoding
* file.c (rb_find_file_safe): preserve encoding of path in SecurityError messages. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@58996 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
This commit is contained in:
nobu
Родитель
321300d4e0
Коммит
1e1964b8f2
6
file.c
6
file.c
|
|
@ -5840,7 +5840,7 @@ rb_find_file_safe(VALUE path, int safe_level)
|
|||
if (f[0] == '~') {
|
||||
tmp = file_expand_path_1(path);
|
||||
if (safe_level >= 1 && OBJ_TAINTED(tmp)) {
|
||||
rb_raise(rb_eSecurityError, "loading from unsafe file %s", f);
|
||||
rb_raise(rb_eSecurityError, "loading from unsafe file %"PRIsVALUE, tmp);
|
||||
}
|
||||
path = copy_path_class(tmp, path);
|
||||
f = RSTRING_PTR(path);
|
||||
|
|
@ -5849,7 +5849,7 @@ rb_find_file_safe(VALUE path, int safe_level)
|
|||
|
||||
if (expanded || rb_is_absolute_path(f) || is_explicit_relative(f)) {
|
||||
if (safe_level >= 1 && !fpath_check(path)) {
|
||||
rb_raise(rb_eSecurityError, "loading from unsafe path %s", f);
|
||||
rb_raise(rb_eSecurityError, "loading from unsafe path %"PRIsVALUE, path);
|
||||
}
|
||||
if (!rb_file_load_ok(f)) return 0;
|
||||
if (!expanded)
|
||||
|
|
@ -5881,7 +5881,7 @@ rb_find_file_safe(VALUE path, int safe_level)
|
|||
|
||||
found:
|
||||
if (safe_level >= 1 && !fpath_check(tmp)) {
|
||||
rb_raise(rb_eSecurityError, "loading from unsafe file %s", f);
|
||||
rb_raise(rb_eSecurityError, "loading from unsafe file %"PRIsVALUE, tmp);
|
||||
}
|
||||
|
||||
return copy_path_class(tmp, path);
|
||||
|
|
|
|||
|
|
@ -87,6 +87,17 @@ class TestRequire < Test::Unit::TestCase
|
|||
end
|
||||
end
|
||||
|
||||
SECURITY_WARNING =
|
||||
if /mswin|mingw/ =~ RUBY_PLATFORM
|
||||
nil
|
||||
else
|
||||
proc do |require_path|
|
||||
File.chmod(0777, File.dirname(require_path))
|
||||
$SAFE = 1
|
||||
require(require_path)
|
||||
end
|
||||
end
|
||||
|
||||
def assert_require_nonascii_path(encoding, bug)
|
||||
Dir.mktmpdir {|tmp|
|
||||
dir = "\u3042" * 5
|
||||
|
|
@ -109,6 +120,17 @@ class TestRequire < Test::Unit::TestCase
|
|||
assert_equal(self.class.ospath_encoding(require_path), $:.last.encoding, '[Bug #8753]')
|
||||
assert(!require(require_path), bug)
|
||||
}
|
||||
$:.replace(load_path)
|
||||
$".replace(features)
|
||||
if SECURITY_WARNING
|
||||
require_path.untaint
|
||||
ospath = require_path.encode(self.class.ospath_encoding(require_path))
|
||||
assert_warn(/Insecure world writable dir/) do
|
||||
assert_raise_with_message(SecurityError, "loading from unsafe path #{ospath}") do
|
||||
SECURITY_WARNING.call(require_path)
|
||||
end
|
||||
end
|
||||
end
|
||||
ensure
|
||||
$:.replace(load_path)
|
||||
$".replace(features)
|
||||
|
|
|
|||
Загрузка…
Ссылка в новой задаче