Hi,

I just noticed this:

09:57:58 ~$ allruby /c/Temp/d.rb
CYGWIN_NT-5.1 padrklemme2 1.7.7(0.230/5/3) 2010-08-31 09:58 i686 Cygwin
========================================
ruby 1.8.7 (2008-08-11 patchlevel 72) [i386-cygwin]
"line 1\nline 2\n"
"\np DATA.read\nDATA.seek 0\np DATA.read\n\n__END__\nline 1\nline 2\n"
========================================
ruby 1.9.2p136 (2010-12-25 revision 30365) [i386-cygwin]
"line 1\nline 2\n"
"\np DATA.read\nDATA.seek 0\np DATA.read\n\n__END__\nline 1\nline 2\n"
========================================
jruby 1.4.0 (ruby 1.8.7 patchlevel 174) (2009-11-02 69fbfa3) (Java
HotSpot(TM) Client VM 1.6.0_23) [x86-java]
"line 1\nline 2\n"
""
09:58:31 ~$ cat /c/Temp/d.rb

p DATA.read
DATA.seek 0
p DATA.read

__END__
line 1
line 2
09:58:37 ~$

In other words, I can read what's before __END__ if I simply seek.
IMHO that is a bad thing and may even be used for attacks.

Btw, I stumbled across this by doing this:

10:01:24 ~$ ruby19 /c/Temp/dd.rb
["require 'csv'"]
[]
["CSV.foreach DATA do |rec|"]
["  p rec"]
["end"]
[]
["__END__"]
["line 1"]
["line 2"]
10:01:33 ~$ cat /c/Temp/dd.rb
require 'csv'

CSV.foreach DATA do |rec|
  p rec
end

__END__
line 1
line 2
10:01:37 ~$

Maybe it's not such a good idea for CSV.foreach to seek to 0 before
starting to read.  As a user of CSV I would always want it to start
off where the IO currently points to.  James, what do you think?

Kind regards

robert

-- 
remember.guy do |as, often| as.you_can - without end
http://blog.rubybestpractices.com/