* process.c (rb_f_system): fixed lack of security check before

calling do_spawn() on win32. [ruby-talk:84555]


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@4861 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

ChangeLog

@@ -1,3 +1,8 @@
+Thu Oct 30 09:32:26 2003  NAKAMURA Usaku <usa@ruby-lang.org>
+
+	* process.c (rb_f_system): fixed lack of security check before
+	  calling do_spawn() on win32. [ruby-talk:84555]
+
 Thu Oct 30 02:46:35 2003  Yukihiro Matsumoto  <matz@ruby-lang.org>
 
 	* eval.c (proc_invoke): single array value to normal Proc#call

process.c

@@ -976,6 +976,7 @@ rb_f_system(argc, argv)
 
     if (argc == 1 && prog == 0) {
 #if defined(_WIN32)
+	SafeStringValue(argv[0]);
 	status = do_spawn(P_WAIT, RSTRING(argv[0])->ptr);
 #else
 	status = proc_spawn(argv[0]);