-rw-r--r-- | ChangeLog | 5 | ||||
-rw-r--r-- | lib/erb.rb | 11 | ||||
-rw-r--r-- | test/erb/test_erb.rb | 12 |
3 files changed, 25 insertions, 3 deletions
@@ -1,3 +1,8 @@ +Fri Nov 9 23:33:05 2012 Nobuyoshi Nakada <nobu@ruby-lang.org> + + * lib/erb.rb (ERB#run, ERB#result): eval under isolated bindings for + safe concurrent use. [ruby-core:47638] [Bug #7046] + Fri Nov 9 23:05:06 2012 Nobuyoshi Nakada <nobu@ruby-lang.org> * random.c (BYTE_ORDER): define using configured WORDS_BIGENDIAN. diff --git a/lib/erb.rb b/lib/erb.rb index 26c34ee3ad..934d83aa48 100644 --- a/lib/erb.rb +++ b/lib/erb.rb @@ -1,3 +1,4 @@ +# -*- coding: us-ascii -*- # = ERB -- Ruby Templating # # Author:: Masatoshi SEKI @@ -818,7 +819,7 @@ class ERB end # Generate results and print them. (see ERB#result) - def run(b=TOPLEVEL_BINDING) + def run(b=new_toplevel) print self.result(b) end @@ -830,7 +831,7 @@ class ERB # _b_ accepts a Binding or Proc object which is used to set the context of # code evaluation. # - def result(b=TOPLEVEL_BINDING) + def result(b=new_toplevel) if @safe_level proc { $SAFE = @safe_level @@ -841,6 +842,12 @@ class ERB end end + def new_toplevel + # New binding each time *near* toplevel for unspecified runs + TOPLEVEL_BINDING.dup + end + private :new_toplevel + # Define _methodname_ as instance method of _mod_ from compiled ruby source. # # example: diff --git a/test/erb/test_erb.rb b/test/erb/test_erb.rb index 7ddbc878d4..686c404702 100644 --- a/test/erb/test_erb.rb +++ b/test/erb/test_erb.rb @@ -1,3 +1,4 @@ +# -*- coding: us-ascii -*- require 'test/unit' require 'erb' 
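Review bot: The doc comment above `result` (hunk at -830) still describes only an explicitly passed `_b_` and says nothing about what happens when it is omitted, although the default changes from the shared `TOPLEVEL_BINDING` to `new_toplevel`. The same applies to `run` in the hunk at -818. I would add a line such as `# When _b_ is omitted, the template is evaluated in a fresh copy of TOPLEVEL_BINDING made for this call.` Callers that relied on a template's local assignments persisting at top level between default-binding renders may see different behaviour, which the ChangeLog entry does not mention. The body of `result` continues outside the hunk.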
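Review bot: The comment inside `new_toplevel` (hunk at -841) and the ChangeLog phrase "isolated bindings" promise more than `TOPLEVEL_BINDING.dup` appears to deliver. The test added in test/erb/test_erb.rb shows that a template rendered with the default binding still reads a local defined in `TOPLEVEL_BINDING`. The template code also still runs with the full privileges of the calling process. The copy seems intended only to keep render-time locals from colliding between calls, so I would state that limit: `# Per-call copy of TOPLEVEL_BINDING: keeps render-time locals from colliding between calls. Existing top-level locals and main stay reachable; this is not a sandbox for untrusted templates.` It would also help to move the explanation above the `def` as a doc comment, matching the other methods in the file.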
@@ -44,11 +45,20 @@ class TestERB < Test::Unit::TestCase assert_equal("", ERB::Util.html_escape("")) assert_equal("abc", ERB::Util.html_escape("abc")) - assert_equal("<<", ERB::Util.html_escape("<<")) + assert_equal("<<", ERB::Util.html_escape("<\<")) assert_equal("", ERB::Util.html_escape(nil)) assert_equal("123", ERB::Util.html_escape(123)) end + + def test_concurrent_default_binding + template1 = 'one <%= ERB.new(template2).result %>' + + eval 'template2 = "two"', TOPLEVEL_BINDING + + bug7046 = '[ruby-core:47638]' + assert_equal("one two", ERB.new(template1).result, bug7046) + end end class TestERBCore < Test::Unit::TestCase |
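Review bot: `test_concurrent_default_binding` never runs two renders at the same time; it makes a nested `ERB#result` call from inside another template, so the name and the lack of a comment leave the pinned regression unclear. Presumably the point is that the inner render must not overwrite the outer render's `_erbout`, which I would state as `# Nested ERB#result with the default binding: the inner render must not clobber the outer render's output buffer.` The test also evals `template2 = "two"` into `TOPLEVEL_BINDING` and never removes it, so that local remains visible to every later default-binding render in the same test process. A name specific to this bug (for example `bug7046_template2`) would reduce the chance of collisions.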