diff options
author | nobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2010-09-09 22:29:16 +0000 |
---|---|---|
committer | nobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2010-09-09 22:29:16 +0000 |
commit | 9e39c618da89cda4819b62f14f82348372f32d63 (patch) | |
tree | e6c9d336bebae6dbad075ed191d641c9999e361e | |
parent | e7ab96f6ede27a19ef8317a1062f70f691122a07 (diff) | |
download | ruby-9e39c618da89cda4819b62f14f82348372f32d63.tar.gz |
* ext/etc/etc.c (etc_systmpdir): assume system default tmpdir
safe. [ruby-dev:42089]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@29209 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
-rw-r--r-- | ChangeLog | 5 | ||||
-rw-r--r-- | ext/etc/etc.c | 7 | ||||
-rw-r--r-- | test/test_tempfile.rb | 4 |
3 files changed, 14 insertions, 2 deletions
@@ -1,3 +1,8 @@ +Fri Sep 10 07:29:14 2010 Nobuyoshi Nakada <nobu@ruby-lang.org> + + * ext/etc/etc.c (etc_systmpdir): assume system default tmpdir + safe. [ruby-dev:42089] + Fri Sep 10 07:03:23 2010 Tanaka Akira <akr@fsij.org> * ext/pathname/pathname.c (path_size_p): Pathname#size? translated from diff --git a/ext/etc/etc.c b/ext/etc/etc.c index 0a01acf47d..9f2b4590b6 100644 --- a/ext/etc/etc.c +++ b/ext/etc/etc.c @@ -584,14 +584,17 @@ etc_sysconfdir(VALUE obj) static VALUE etc_systmpdir(void) { + VALUE tmpdir; #ifdef _WIN32 WCHAR path[_MAX_PATH]; UINT len = rb_w32_system_tmpdir(path, numberof(path)); if (!len) return Qnil; - return rb_w32_conv_from_wchar(path, rb_filesystem_encoding()); + tmpdir = rb_w32_conv_from_wchar(path, rb_filesystem_encoding()); #else - return rb_filesystem_str_new_cstr("/tmp"); + tmpdir = rb_filesystem_str_new_cstr("/tmp"); #endif + FL_UNSET(tmpdir, FL_TAINT|FL_UNTRUSTED); + return tmpdir; } /* diff --git a/test/test_tempfile.rb b/test/test_tempfile.rb index b0c0703a6a..1055bd45d8 100644 --- a/test/test_tempfile.rb +++ b/test/test_tempfile.rb @@ -30,6 +30,10 @@ class TestTempfile < Test::Unit::TestCase def test_saves_in_dir_tmpdir_by_default t = tempfile("foo") assert_equal Dir.tmpdir, File.dirname(t.path) + bug3733 = '[ruby-dev:42089]' + assert_nothing_raised(SecurityError, bug3733) { + proc {$SAFE = 1; File.expand_path(Dir.tmpdir)}.call + } end def test_saves_in_given_directory |