* lib/csv.rb: Remove the dangerous serialization feature.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@39077 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2013-02-05 18:28:26 +00:00 · 2013-02-05 18:28:26 +00:00 · b614d7823c
--- a/36
+++ b/36
@ -1,3 +1,7 @@
+Wed Feb  6 03:27:19 2013  James Edward Gray II  <james@graysoftinc.com>
+
+	* lib/csv.rb: Remove the dangerous serialization feature.
+
 Wed Feb  6 00:56:00 2013  Zachary Scott  <zachary@zacharyscott.net>

 	* lib/irb.rb: Remove example from restrictions, it works [Github #246]
@ -4633,7 +4637,7 @@ Thu Nov 29 15:10:45 2012  NARUSE, Yui  <naruse@ruby-lang.org>

 	* test/minitest/test_minitest_unit.rb: restore orig_verbose only
 	  if it is set. This broke rdoc's tests.
-	  http://u64.rubyci.org/~chkbuild/ruby-trunk/log/20121129T050102Z.diff.html.gz
+ http://u64.rubyci.org/~chkbuild/ruby-trunk/log/20121129T050102Z.diff.html.gz

 Thu Nov 29 14:56:30 2012  Koichi Sasada  <ko1@atdot.net>

@ -8695,7 +8699,7 @@ Fri Sep 28 17:26:27 2012  NARUSE, Yui  <naruse@ruby-lang.org>
 	  fails on Windows with msys bash. It makes comparing paths
 	  case-insensitive.
 	  pick from upstream to fix a failure of test-all [ruby-core:47711]
-	  https://github.com/rubygems/rubygems/commit/c474edb2f3704206f04da1c8c6cf9fb079d84abe
+ https://github.com/rubygems/rubygems/commit/c474edb2f3704206f04da1c8c6cf9fb079d84abe

 Fri Sep 28 15:44:45 2012  Shugo Maeda  <shugo@ruby-lang.org>

@ -10573,7 +10577,7 @@ Sun Jul 22 23:58:48 2012  NARUSE, Yui  <naruse@ruby-lang.org>
 Sat Jul 21 06:21:45 2012  NARUSE, Yui  <naruse@ruby-lang.org>

 	* lib/net/http.rb: fixes for r36476. [Feature #6546]
-	  http://u64.rubyci.org/~chkbuild/ruby-trunk/log/20120720T030101Z.diff.html.gz
+ http://u64.rubyci.org/~chkbuild/ruby-trunk/log/20120720T030101Z.diff.html.gz

 	* lib/net/http.rb (Net::HTTP.newobj): return back for compatibility.

@ -12225,7 +12229,7 @@ Wed Jun 13 10:20:27 2012  Nobuyoshi Nakada  <nobu@ruby-lang.org>

 	* process.c (rb_exec_fillarg): use shell if the first word is reserved
 	  or special built-in name.
-	  http://pubs.opengroup.org/onlinepubs/009695399/utilities/xcu_chap02.html
+ http://pubs.opengroup.org/onlinepubs/009695399/utilities/xcu_chap02.html

 	* process.c (rb_exec_fillarg): treat '=' only in the first word.  if
 	  the first word does not contain '=', it is the command name and
@ -12378,7 +12382,7 @@ Mon Jun 11 06:17:06 2012  NARUSE, Yui  <naruse@ruby-lang.org>

 	* thread_pthread.c (native_cond_initialize): fix typo in r36022.
 	  this cause a failure on FreeBSD 8.2 amd64.
-	  http://fbsd.rubyci.org/~chkbuild/ruby-trunk/log/20120610T130201Z.diff.html.gz
+ http://fbsd.rubyci.org/~chkbuild/ruby-trunk/log/20120610T130201Z.diff.html.gz

 Mon Jun 11 05:21:57 2012  Koichi Sasada  <ko1@atdot.net>

@ -12457,7 +12461,7 @@ Sun Jun 10 15:49:47 2012  Tanaka Akira  <akr@fsij.org>
 Sun Jun 10 14:19:33 2012  NARUSE, Yui  <naruse@ruby-lang.org>

 	* configure.in: NetBSD 6 adds libexecinfo but it only works on amd64.
-	  http://www.mail-archive.com/source-changes-full@netbsd.org/msg38729.html
+ http://www.mail-archive.com/source-changes-full@netbsd.org/msg38729.html

 Sun Jun 10 12:43:23 2012  Tanaka Akira  <akr@fsij.org>

@ -14150,7 +14154,7 @@ Tue May  8 07:44:18 2012  NARUSE, Yui  <naruse@ruby-lang.org>

 	* ext/openssl/ossl_ssl.c (ossl_start_ssl): remove useless rb_sys_fail
 	  before ossl_raise. this cause a test failure on Linux.
-	  http://u64.rubyci.org/~chkbuild/ruby-trunk/log/20120507T190102Z.log.html.gz
+ http://u64.rubyci.org/~chkbuild/ruby-trunk/log/20120507T190102Z.log.html.gz

 Tue May  8 05:35:18 2012  Eric Hodel  <drbrain@segment7.net>

@ -14185,13 +14189,13 @@ Tue May  8 02:34:26 2012  NARUSE, Yui  <naruse@ruby-lang.org>

 	* lib/minitest/unit.rb (assert_match): refix of r35563.
 	  r35563 breaks the intention of the original change.
-	  https://github.com/seattlerb/minitest/commit/68858105b2eb11c85105ffac5f32b662c59397f3
+ https://github.com/seattlerb/minitest/commit/68858105b2eb11c85105ffac5f32b662c59397f3
 	* lib/minitest/unit.rb (refute_match): ditto.

 Mon May  7 21:19:17 2012  NARUSE, Yui  <naruse@ruby-lang.org>

 	* ext/json: Merge JSON 1.7.1.
-	  https://github.com/flori/json/commit/e5b9a9465c1159fae533bca320d950b772bcb4ac
+ https://github.com/flori/json/commit/e5b9a9465c1159fae533bca320d950b772bcb4ac

 Mon May  7 22:54:22 2012  Martin Bosslet  <Martin.Bosslet@googlemail.com>

@ -14483,7 +14487,7 @@ Fri Apr 27 07:15:07 2012  Tanaka Akira  <akr@fsij.org>
 	* ext/socket/socket.c (sock_s_pack_sockaddr_un): support the longest
 	  path in sockaddr_un, really.
 	  reported by nagachika.
-	  http://d.hatena.ne.jp/nagachika/20120426/ruby_trunk_changes_35474_35476
+ http://d.hatena.ne.jp/nagachika/20120426/ruby_trunk_changes_35474_35476

 Thu Apr 26 12:28:06 2012  Tanaka Akira  <akr@fsij.org>

@ -14648,7 +14652,7 @@ Mon Apr 23 20:11:02 2012  Tanaka Akira  <akr@fsij.org>

 	* lib/drb/ssl.rb: generate 1024 bits RSA key instead of 512 bits.
 	  OpenSSL 1.0.1 rejects 512 bits RSA key for TLS1.2 with SHA512.
-	  http://rt.openssl.org/Ticket/Display.html?id=2769&user=guest&pass=guest
+ http://rt.openssl.org/Ticket/Display.html?id=2769&user=guest&pass=guest
 	  reported by Bohuslav Kabrda.
 	  [ruby-core:43844] [ruby-trunk - Bug #6221]

@ -15128,7 +15132,7 @@ Sun Apr  8 22:46:01 2012  NARUSE, Yui  <naruse@ruby-lang.org>

 	* ext/json/generator/generator.c (generate_json_bignum):
 	  add RB_GC_GUARD.
-	  http://fb.rubyci.org/~chkbuild/ruby-trunk/log/20120407T210301Z.diff.html.gz
+ http://fb.rubyci.org/~chkbuild/ruby-trunk/log/20120407T210301Z.diff.html.gz

 Sun Apr  8 07:26:40 2012  NARUSE, Yui  <naruse@ruby-lang.org>

@ -21871,7 +21875,7 @@ Wed Aug 31 17:28:23 2011  Hiroshi Nakamura  <nahi@ruby-lang.org>

 	* variable.c (rb_autoload_load): Move RB_GC_GUARD() to proper
 	  position based on suggestion by CHIKANAGA Tomoyuki at
-	  http://d.hatena.ne.jp/nagachika/20110826/ruby_trunk_changes_33070_33078
+ http://d.hatena.ne.jp/nagachika/20110826/ruby_trunk_changes_33070_33078

 	* variable.c (autoload_defined_p): Fix incompatible autoload behavior
 	  that causes Rails crash. Class definition instruction defined in
@ -22074,8 +22078,8 @@ Sat Aug 27 11:18:12 2011  Hiroshi Nakamura  <nahi@ruby-lang.org>

 	* Revert r33078. It caused a Rails application NoMethodError.

-	  /home/nahi/git/emptyApp/ruby/1.9.1/gems/rack-mount-0.6.14/lib/rack/mount/utils.rb:157: warning: toplevel constant ScanError referenced by Regin::Parser::ScanError
-	  /home/nahi/git/emptyApp/ruby/1.9.1/gems/rack-mount-0.6.14/lib/rack/mount/vendor/regin/regin/parser.rb:17:in `parse_regexp': undefined method `scan_str' for #<Regin::Parser:0x00000002344548> (NoMethodError)
+ /home/nahi/git/emptyApp/ruby/1.9.1/gems/rack-mount-0.6.14/lib/rack/mount/utils.rb:157: warning: toplevel constant ScanError referenced by Regin::Parser::ScanError
+ /home/nahi/git/emptyApp/ruby/1.9.1/gems/rack-mount-0.6.14/lib/rack/mount/vendor/regin/regin/parser.rb:17:in `parse_regexp': undefined method `scan_str' for #<Regin::Parser:0x00000002344548> (NoMethodError)

 Sat Aug 27 08:44:58 2011  Eric Hodel  <drbrain@segment7.net>

@ -22669,7 +22673,7 @@ Sun Aug  7 00:42:55 2011  NARUSE, Yui  <naruse@ruby-lang.org>

 	* ext/tk/lib/tk/wm.rb (Tk::Wm.command): Add the missing receiver
 	  before calling epath. patched by flori
-	  https://github.com/flori/ruby/commit/aa9474d32e5f2c57f8b0e2e0c528a03f06a4d433
+ https://github.com/flori/ruby/commit/aa9474d32e5f2c57f8b0e2e0c528a03f06a4d433

 Sat Aug  6 07:06:34 2011  Eric Hodel  <drbrain@segment7.net>

--- a/lib/csv.rb
+++ b/lib/csv.rb
@ -1050,133 +1050,6 @@ class CSV
    end
  end

-  #
-  # This method allows you to serialize an Array of Ruby objects to a String or
-  # File of CSV data.  This is not as powerful as Marshal or YAML, but perhaps
-  # useful for spreadsheet and database interaction.
-  #
-  # Out of the box, this method is intended to work with simple data objects or
-  # Structs.  It will serialize a list of instance variables and/or
-  # Struct.members().
-  #
-  # If you need need more complicated serialization, you can control the process
-  # by adding methods to the class to be serialized.
-  #
-  # A class method csv_meta() is responsible for returning the first row of the
-  # document (as an Array).  This row is considered to be a Hash of the form
-  # key_1,value_1,key_2,value_2,...  CSV::load() expects to find a class key
-  # with a value of the stringified class name and CSV::dump() will create this,
-  # if you do not define this method.  This method is only called on the first
-  # object of the Array.
-  #
-  # The next method you can provide is an instance method called csv_headers().
-  # This method is expected to return the second line of the document (again as
-  # an Array), which is to be used to give each column a header.  By default,
-  # CSV::load() will set an instance variable if the field header starts with an
-  # @ character or call send() passing the header as the method name and
-  # the field value as an argument.  This method is only called on the first
-  # object of the Array.
-  #
-  # Finally, you can provide an instance method called csv_dump(), which will
-  # be passed the headers.  This should return an Array of fields that can be
-  # serialized for this object.  This method is called once for every object in
-  # the Array.
-  #
-  # The +io+ parameter can be used to serialize to a File, and +options+ can be
-  # anything CSV::new() accepts.
-  #
-  def self.dump(ary_of_objs, io = "", options = Hash.new)
-    obj_template = ary_of_objs.first
-
-    csv = new(io, options)
-
-    # write meta information
-    begin
-      csv << obj_template.class.csv_meta
-    rescue NoMethodError
-      csv << [:class, obj_template.class]
-    end
-
-    # write headers
-    begin
-      headers = obj_template.csv_headers
-    rescue NoMethodError
-      headers = obj_template.instance_variables.sort
-      if obj_template.class.ancestors.find { |cls| cls.to_s =~ /\AStruct\b/ }
-        headers += obj_template.members.map { |mem| "#{mem}=" }.sort
-      end
-    end
-    csv << headers
-
-    # serialize each object
-    ary_of_objs.each do |obj|
-      begin
-        csv << obj.csv_dump(headers)
-      rescue NoMethodError
-        csv << headers.map do |var|
-          if var[0] == ?@
-            obj.instance_variable_get(var)
-          else
-            obj[var[0..-2]]
-          end
-        end
-      end
-    end
-
-    if io.is_a? String
-      csv.string
-    else
-      csv.close
-    end
-  end
-
-  #
-  # This method is the reading counterpart to CSV::dump().  See that method for
-  # a detailed description of the process.
-  #
-  # You can customize loading by adding a class method called csv_load() which
-  # will be passed a Hash of meta information, an Array of headers, and an Array
-  # of fields for the object the method is expected to return.
-  #
-  # Remember that all fields will be Strings after this load.  If you need
-  # something else, use +options+ to setup converters or provide a custom
-  # csv_load() implementation.
-  #
-  def self.load(io_or_str, options = Hash.new)
-    csv = new(io_or_str, options)
-
-    # load meta information
-    meta = Hash[*csv.shift]
-    cls  = meta["class".encode(csv.encoding)].split("::".encode(csv.encoding)).
-                                              inject(Object) do |c, const|
-      c.const_get(const)
-    end
-
-    # load headers
-    headers = csv.shift
-
-    # unserialize each object stored in the file
-    results = csv.inject(Array.new) do |all, row|
-      begin
-        obj = cls.csv_load(meta, headers, row)
-      rescue NoMethodError
-        obj = cls.allocate
-        headers.zip(row) do |name, value|
-          if name[0] == ?@
-            obj.instance_variable_set(name, value)
-          else
-            obj.send(name, value)
-          end
-        end
-      end
-      all << obj
-    end
-
-    csv.close unless io_or_str.is_a? String
-
-    results
-  end
-
  #
  # :call-seq:
  #   filter( options = Hash.new ) { |row| ... }
--- a/test/csv/test_serialization.rb
+++ b/test/csv/test_serialization.rb
@ -1,158 +0,0 @@
-#!/usr/bin/env ruby -w
-# encoding: UTF-8
-
-# tc_serialization.rb
-#
-#  Created by James Edward Gray II on 2005-10-31.
-#  Copyright 2005 James Edward Gray II. You can redistribute or modify this code
-#  under the terms of Ruby's license.
-
-require_relative "base"
-require "tempfile"
-
-# An example of how to provide custom CSV serialization.
-class Hash
-  def self.csv_load( meta, headers, fields )
-    self[*headers.zip(fields).to_a.flatten.map { |e| eval(e) }]
-  end
-
-  def csv_headers
-    keys.map { |key| key.inspect }
-  end
-
-  def csv_dump( headers )
-    headers.map { |header| fetch(eval(header)).inspect }
-  end
-end
-
-class TestCSV::Serialization < TestCSV
-  extend DifferentOFS
-
-  ### Classes Used to Test Serialization ###
-
-  class ReadOnlyName
-    def initialize( first, last )
-      @first, @last = first, last
-    end
-
-    attr_reader :first, :last
-
-    def ==( other )
-      %w{first last}.all? { |att| send(att) == other.send(att) }
-    end
-  end
-
-  Name = Struct.new(:first, :last)
-
-  class FullName < Name
-    def initialize( first, last, suffix = nil )
-      super(first, last)
-
-      @suffix = suffix
-    end
-
-    attr_accessor :suffix
-
-    def ==( other )
-      %w{first last suffix}.all? { |att| send(att) == other.send(att) }
-    end
-  end
-
-  ### Tests ###
-
-  def test_class_dump
-    @names = [ %w{James Gray},
-              %w{Dana Gray},
-              %w{Greg Brown} ].map do |first, last|
-      ReadOnlyName.new(first, last)
-    end
-
-    assert_nothing_raised(Exception) do
-      @data = CSV.dump(@names)
-    end
-    assert_equal(<<-END_CLASS_DUMP.gsub(/^\s*/, ""), @data)
-    class,TestCSV::Serialization::ReadOnlyName
-    @first,@last
-    James,Gray
-    Dana,Gray
-    Greg,Brown
-    END_CLASS_DUMP
-  end
-
-  def test_struct_dump
-    @names = [ %w{James Gray},
-              %w{Dana Gray},
-              %w{Greg Brown} ].map do |first, last|
-      Name.new(first, last)
-    end
-
-    assert_nothing_raised(Exception) do
-      @data = CSV.dump(@names)
-    end
-    assert_equal(<<-END_STRUCT_DUMP.gsub(/^\s*/, ""), @data)
-    class,TestCSV::Serialization::Name
-    first=,last=
-    James,Gray
-    Dana,Gray
-    Greg,Brown
-    END_STRUCT_DUMP
-  end
-
-  def test_inherited_struct_dump
-    @names = [ %w{James Gray II},
-              %w{Dana Gray},
-              %w{Greg Brown} ].map do |first, last, suffix|
-      FullName.new(first, last, suffix)
-    end
-
-    assert_nothing_raised(Exception) do
-      @data = CSV.dump(@names)
-    end
-    assert_equal(<<-END_STRUCT_DUMP.gsub(/^\s*/, ""), @data)
-    class,TestCSV::Serialization::FullName
-    @suffix,first=,last=
-    II,James,Gray
-    ,Dana,Gray
-    ,Greg,Brown
-    END_STRUCT_DUMP
-  end
-
-  def test_load
-    %w{ test_class_dump
-        test_struct_dump
-        test_inherited_struct_dump }.each do |test|
-      send(test)
-      CSV.load(@data).each do |loaded|
-        assert_instance_of(@names.first.class, loaded)
-        assert_equal(@names.shift, loaded)
-      end
-    end
-  end
-
-  def test_io
-    test_class_dump
-
-    tempfile = Tempfile.new(%w"serialization .csv")
-    tempfile.close
-    data_file = tempfile.path
-    CSV.dump(@names, File.open(data_file, "wb"))
-
-    assert(File.exist?(data_file))
-    assert_equal(<<-END_IO_DUMP.gsub(/^\s*/, ""), File.read(data_file))
-    class,TestCSV::Serialization::ReadOnlyName
-    @first,@last
-    James,Gray
-    Dana,Gray
-    Greg,Brown
-    END_IO_DUMP
-
-    assert_equal(@names, CSV.load(File.open(data_file)))
-
-    tempfile.close(true)
-  end
-
-  def test_custom_dump_and_load
-    obj = {1 => "simple", test: Hash}
-    assert_equal(obj, CSV.load(CSV.dump([obj])).first)
-  end
-end
--- a/test/csv/ts_all.rb
+++ b/test/csv/ts_all.rb
@ -17,5 +17,4 @@ require "test_data_converters"
 require "test_row"
 require "test_table"
 require "test_headers"
-require "test_serialization"
 require "test_encodings"