Diffstat (limited to 'eval.c')
-rw-r--r-- | eval.c | 3 |
1 files changed, 3 insertions, 0 deletions
@@ -5052,6 +5052,9 @@ rb_f_eval(argc, argv, self)
 rb_scan_args(argc, argv, "13", &src, &scope, &vfile, &vline);
 if (ruby_safe_level >= 4) {
 StringValue(src);
+ if (!NIL_P(scope) && !OBJ_TAINTED(scope)) {
+ rb_raise(rb_eSecurityError, "Insecure: can't modify trusted binding");
+ }
 }
 else {
 SafeStringValue(src);
 |
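Review bot: The new guard inside the `ruby_safe_level >= 4` branch carries no comment stating the invariant it enforces, and the condition alone does not explain why taint on `scope` matters. A line above the `if` such as `/* at $SAFE >= 4 only a tainted binding may be used as the eval scope, so sandboxed code cannot evaluate in a binding captured by trusted code */` would record that. The check also runs before any visible validation that `scope` is a binding or proc, so a non-binding argument would presumably be reported as "can't modify trusted binding" rather than as a type error; confirm that ordering is intended. rb_f_eval's body starts and continues outside the hunk, so whether `scope` is re-checked later, or whether other entry points that accept a binding apply the same rule, cannot be judged from here.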