From 2bbc30520f04879ea9fe0b54c889e362853f9742 Mon Sep 17 00:00:00 2001 From: kou Date: Sun, 13 Aug 2017 12:14:24 +0000 Subject: REXML: Fix a bug that unexpected methods can be called as a XPath function [HackerOne:249295] Reported by Andrea Jegher. Thanks!!! git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@59584 b2dd03c8-39d4-4d8f-98ff-823fe69b080e --- lib/rexml/functions.rb | 29 ++++++++++++++++++++++++++--- 1 file changed, 26 insertions(+), 3 deletions(-) (limited to 'lib/rexml/functions.rb') diff --git a/lib/rexml/functions.rb b/lib/rexml/functions.rb index b56103d4f2..cd879fdd28 100644 --- a/lib/rexml/functions.rb +++ b/lib/rexml/functions.rb @@ -8,10 +8,28 @@ module REXML # Therefore, in XML, "local-name()" is identical (and actually becomes) # "local_name()" module Functions + @@available_functions = {} @@context = nil @@namespace_context = {} @@variables = {} + INTERNAL_METHODS = [ + :namespace_context, + :namespace_context=, + :variables, + :variables=, + :context=, + :get_namespace, + :send, + ] + class << self + def singleton_method_added(name) + unless INTERNAL_METHODS.include?(name) + @@available_functions[name] = true + end + end + end + def Functions::namespace_context=(x) ; @@namespace_context=x ; end def Functions::variables=(x) ; @@variables=x ; end def Functions::namespace_context ; @@namespace_context ; end @@ -390,9 +408,14 @@ module REXML node.node_type == :processing_instruction end - def Functions::method_missing( id ) - puts "METHOD MISSING #{id.id2name}" - XPath.match( @@context[:node], id.id2name ) + def Functions::send(name, *args) + if @@available_functions[name.to_sym] + super + else + # TODO: Maybe, this is not XPath spec behavior. + # This behavior must be reconsidered. + XPath.match(@@context[:node], name.to_s) + end end end end -- cgit v1.2.3