Issue #9976 has been updated by Nobuyoshi Nakada.

Status changed from Open to Closed
% Done changed from 0 to 100

Applied in changeset r46547.

----------
hash.c: prohibit tainted strings

* hash.c (env_aset, env_has_key, env_assoc, env_has_value),
  (env_rassoc, env_key): prohibit tainted strings if $SAFE is
  non-zero.  [Bug #9976]

----------------------------------------
Bug #9976: ENV doesn't raise SecurityError except for aset and delete
https://bugs.ruby-lang.org/issues/9976#change-47372

* Author: Nobuyoshi Nakada
* Status: Closed
* Priority: Normal
* Assignee: 
* Category: 
* Target version: 
* ruby -v: trunk
* Backport: 2.0.0: REQUIRED, 2.1: REQUIRED
----------------------------------------
`ENV#[]=` と `ENV#delete` は`$SAFE > 0`のときにtaintedな引数をエラーにしますが、他のメソッドでエラーになりません。



-- 
https://bugs.ruby-lang.org/