Issue #9976 has been updated by Nobuyoshi Nakada. Status changed from Open to Closed % Done changed from 0 to 100 Applied in changeset r46547. ---------- hash.c: prohibit tainted strings * hash.c (env_aset, env_has_key, env_assoc, env_has_value), (env_rassoc, env_key): prohibit tainted strings if $SAFE is non-zero. [Bug #9976] ---------------------------------------- Bug #9976: ENV doesn't raise SecurityError except for aset and delete https://bugs.ruby-lang.org/issues/9976#change-47372 * Author: Nobuyoshi Nakada * Status: Closed * Priority: Normal * Assignee: * Category: * Target version: * ruby -v: trunk * Backport: 2.0.0: REQUIRED, 2.1: REQUIRED ---------------------------------------- `ENV#[]=` と `ENV#delete` は`$SAFE > 0`のときにtaintedな引数をエラーにしますが、他のメソッドでエラーになりません。 -- https://bugs.ruby-lang.org/