Issue #7292 has been updated by drbrain (Eric Hodel). =begin There is a potential for a security exploit with Enumerable#to_h: user_input = %w[rm -rf /] system ['ls', '-l'], *user_input With system, the first argument is used as the environment if it can be converted to a Hash. With user input to system this may lead to arbitrary code execution. =end ---------------------------------------- Feature #7292: Enumerable#to_h https://bugs.ruby-lang.org/issues/7292#change-37576 Author: marcandre (Marc-Andre Lafortune) Status: Assigned Priority: Low Assignee: matz (Yukihiro Matsumoto) Category: core Target version: next minor Now that #to_h is the official method for explicit conversion to Hash, we should also add Enumerable#to_h: Returns a hash for the yielded key-value pairs. [[:name, 'Joe Smith'], [:age, 42]].to_h # => {name: 'Joe Smith', age: 42} With the Ruby tradition of succint documentation I suggest the documentation talk about key-value pairs and there is no need to be explicit about the uninteresting cases like: (1..3).to_h # => {1 => nil, 2 => nil, 3 => nil} [[1, 2], [1, 3]].to_h # => {1 => 3} [[1, 2], []].to_h # => {1 => 2, nil => nil} I see some reactions of people reading about the upcoming 2.0 release like this one: http://globaldev.co.uk/2012/11/ruby-2-0-0-preview-features/#dsq-comment-body-700242476 -- http://bugs.ruby-lang.org/