io.c: Methods of File should not invoke external commands

For security reasons, File.read, File.binread, File.write, File.binwrite, File.foreach, and File.readlines should not invoke external commands even if the path starts with the pipe character |. [ruby-core:84495] [Feature #14245] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@62857 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
author: shugo <shugo@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> 2018-03-20 09:09:49 +0000
committer: shugo <shugo@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> 2018-03-20 09:09:49 +0000
commit: a8752848d3f321eb47149f35aa5f37e53a5bb170 (patch)
tree: 081afeacb9461d2e28caedb15d38dcc40d15d627 /io.c
parent: cc9db964a37a2ea83f1223092d3a6697a4f99975 (diff)
download: ruby-a8752848d3f321eb47149f35aa5f37e53a5bb170.tar.gz
1 files changed, 1 insertions, 6 deletions
diff --git a/io.c b/io.c
index e15d44cb12..cb24b283d2 100644
--- a/io.c
+++ b/io.c
@@ -7113,12 +7113,7 @@ rb_io_open_generic(VALUE klass, VALUE filename, int oflags, int fmode,
 		   const convconfig_t *convconfig, mode_t perm)
 {
     VALUE cmd;
-    const int warn = klass == rb_cFile;
-    if ((warn || klass == rb_cIO) && !NIL_P(cmd = check_pipe_command(filename))) {
-	if (warn) {
-	    rb_warn("IO.%"PRIsVALUE" called on File to invoke external command",
-		    rb_id2str(rb_frame_this_func()));
-	}
+    if (klass == rb_cIO && !NIL_P(cmd = check_pipe_command(filename))) {
 	return pipe_open_s(cmd, rb_io_oflags_modestr(oflags), fmode, convconfig);
     }
     else {
author	shugo <shugo@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>	2018-03-20 09:09:49 +0000
committer	shugo <shugo@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>	2018-03-20 09:09:49 +0000
commit	a8752848d3f321eb47149f35aa5f37e53a5bb170 (patch)
tree	081afeacb9461d2e28caedb15d38dcc40d15d627 /io.c
parent	cc9db964a37a2ea83f1223092d3a6697a4f99975 (diff)
download	ruby-a8752848d3f321eb47149f35aa5f37e53a5bb170.tar.gz