author | marcandre <marcandre@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2015-02-05 20:06:11 +0000 |
---|---|---|
committer | marcandre <marcandre@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2015-02-05 20:06:11 +0000 |
commit | 899a1faa8f27d7ff26d3766b47b47d118813da5d (patch) | |
tree | 14e4d3338375f97fc4e1983a5482a2ae9e1cfce2 /doc/security.rdoc | |
parent | 9dc51967ef97808eacc2a900742a16aac2bd090b (diff) | |
* doc/security.rdoc: [DOC] amend symbols section for bug with
keyword args [ci-skip]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@49514 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'doc/security.rdoc')
-rw-r--r-- | doc/security.rdoc | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/doc/security.rdoc b/doc/security.rdoc index 5fb7b158b0..2a610f1557 100644 --- a/doc/security.rdoc +++ b/doc/security.rdoc @@ -75,9 +75,10 @@ They are created when modifying code: * defining a method (e.g. with +define_method+), * setting an instance variable (e.g. with +instance_variable_set+), * creating a variable or constant (e.g. with +const_set+) -Because of a bug, +send+ and +__send__+ also create immortal symbols. -Finally, C extensions that have not been updated and are still calling `ID2SYM` +C extensions that have not been updated and are still calling `ID2SYM` will create immortal symbols. +Bugs in 2.2.0: +send+ and +__send__+ also created immortal symbols, +and calling methods with keyword arguments could also create some. Don't create immortal symbols from user inputs. Otherwise, this would allow a user to mount a denial of service attack against your application by |
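Review bot: The added "Bugs in 2.2.0:" sentence names the affected release but not the release that fixes it, and "could also create some" does not say which symbols a call with keyword arguments makes immortal or under what conditions. The next paragraph tells readers "Don't create immortal symbols from user inputs", so a reader on 2.2.0 needs to know whether user-controlled data reaching +send+, +__send__+ or keyword arguments is affected; suggest stating the fixed version and the kind of symbol involved. Minor style point: the retained "still calling `ID2SYM`" line uses backticks, while the other identifiers in this section use RDoc +...+ markup.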