Issue #5279 has been updated by Shota Fukumori.


中身?????«ã?¯ã???????????äº???§ã????­ï?? < transcoder ??®ä¸­??§ä??????????? safe level ??? 0

#ruby-ja ??§è­°è«?????????¨ã?????ï¼?autoload???autoload???å®?義ã???????´æ?????SAFE??§èª­??¿è¾¼?????®ã?§ï??
$SAFE=0??®ã?¨ã????«ã??????????????autoload???ä»?????????¦ã??????????¨ã?????????????ªè§£???(ä»?çµ???¿ã?ªå?¨ç?¶é???????¾ã?????)
???????????°å?¥ã?«å????ªã????®ã?§ã?¯ã?ªã?????ï¼???¨ã?????????????§ã?????ï¼?

??¸å¿µ?????¦ã???????®ã??require???path??«ã?¹ã?¯ã?ªã???????µã?¤ã??????????ªå????§ã????¹ã??æµ????äº??????§ã??????????§ã????ªã???????§ï??
??ªå????®è??è­???§ã?¯ã?§ã????ªã????¨æ????£ã?¦ã???????®ã?§ã?????ï¼?????????½ã????¨ã????????rb_require_safe??®ç¬¬äº?å¼???°ã??0???
渡ã????®ã?¯å?±é?ºã?ªã?®ã?§ã????®ä¿®æ­£æ?¹æ?????????????¡ã????¨æ????£ã?¦ã????¾ã??ï¼?
----------------------------------------
Bug #5279: There are cases where String#encode raises SecurityError when $SAFE is 3 or higher
http://redmine.ruby-lang.org/issues/5279

Author: Shota Fukumori
Status: Open
Priority: Normal
Assignee: 
Category: 
Target version: 
ruby -v: ruby 1.9.4dev (2011-09-05 trunk 33195) [x86_64-darwin11.1.0] 


This is sora_h.

On Twitter, @hsbt said something like the following, so I looked into it:
http://twitter.com/#!/hsbt/status/110700488667832320

From what I found, String#encode apparently calls require internally, and
because every object is tainted at safe level 3, the String passed to rb_require_safe is tainted as well,
so rb_require raises SecurityError.

So SecurityError is raised in the following case:

    $SAFE = 3
    "a".encode("UTF-16")

It is not raised in the following case:

    "a".encode("UTF-16")
    $SAFE = 3
    "a".encode("UTF-16")

I wrote a patch to fix this (pasted at the end of the ticket).
However, I am not confident that it is acceptable to pass 0 as the second argument of rb_require_safe.
????????¯ã?»ã?­ã?¥ã?ªã????£å?¨ã????®å????ªã?®ã?§ï???????????????£ã?¦ã???????³ã????????ï¼???????????¯ã???????????
??«ã????????修正???????????????????¦ã???????³ã???????????????????¨æ???????¾ã??ï¼?

Patch below:

diff --git a/ChangeLog b/ChangeLog
index a16e823..07f76a7 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+Tue Sep  6 08:56:06 2011  Shota Fukumori  <sorah / tubusu.net>
+
+       * transcode.c: Use rb_require_safe() to load transcoder.
+         Because if $SAFE is higher than 3, rb_require() raises SecurityError.
+
 Mon Sep  5 20:59:30 2011  CHIKANAGA Tomoyuki  <nagachika00 / gmail.com>

        * insns.def: change encoding pragma for emacs (shift_jis to utf-8).
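
Review bot: The new ChangeLog entry misstates the trigger and omits the function name. "higher than 3" should be "3 or higher", since the reproduction in this report sets `$SAFE = 3`, and the transcode.c hunk header shows the change is in load_transcoder_entry, so the entry should start `* transcode.c (load_transcoder_entry):`. The entry should also say that the transcoder is now required at safe level 0, because that is the security-relevant part of the change and the current wording only mentions the switch of function.
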
diff --git a/transcode.c b/transcode.c
index 2c188b6..0651aec 100644
--- a/transcode.c
+++ b/transcode.c
@@ -375,7 +375,7 @@ load_transcoder_entry(transcoder_entry_t *entry)
             return NULL;
         memcpy(path, transcoder_lib_prefix, sizeof(transcoder_lib_prefix) - 1);
         memcpy(path + sizeof(transcoder_lib_prefix) - 1, lib, len + 1);
-        if (!rb_require(path))
+        if (!rb_require_safe(rb_str_new2(path), 0))
             return NULL;
     }
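
Review bot: In load_transcoder_entry, `rb_require_safe(rb_str_new2(path), 0)` hard-codes safe level 0, so this require runs without the caller's $SAFE restrictions for whatever `path` contains. That is sound only if `lib` can never be influenced by untrusted code. `path` is assembled here from `transcoder_lib_prefix` plus `lib`, and nothing in the visible lines validates `lib`. Please add a comment above the call stating where `lib` comes from and why level 0 is acceptable, or restrict this branch to entries registered by the built-in transcoder tables before dropping the safe level.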


-- 
http://redmine.ruby-lang.org