Forum: Ruby-core [ruby-trunk - Bug #7499][Open] public_send can be used to invoke protected methods

Posted by alindeman (Andy Lindeman) (Guest)
on 2012-12-02 22:01
(Received via mailing list)
Issue #7499 has been reported by alindeman (Andy Lindeman).

----------------------------------------
Bug #7499: public_send can be used to invoke protected methods
https://bugs.ruby-lang.org/issues/7499

Author: alindeman (Andy Lindeman)
Status: Open
Priority: Normal
Assignee:
Category:
Target version:
ruby -v: ruby 2.0.0dev (2012-12-03) [x86_64-darwin12.2.1]


class Foo
  def bar
    "wtf?"
  end
  protected :bar

  def invoke_bar
    public_send(:bar)
  end
end

puts Foo.public_send(:bar) rescue puts "error; this seems normal"

puts Foo.new.invoke_bar

# The last statement outputs "wtf?" on:
# * 1.9.3p194
# * 1.9.3p327
# * ruby-head (2012-12-03)

# The last statement raises a NoMethodError on:
# * JRuby 1.7.0
# * rubinius 2.0.0dev 2279857e
#
# I /expected/ the NoMethodError behavior
Posted by charliesome (Charlie Somerville) (Guest)
on 2012-12-03 12:11
(Received via mailing list)
Issue #7499 has been updated by charliesome (Charlie Somerville).

File bug-7499.patch added

rb_method_call_status checks the value of 'self' at the callsite to 
determine whether protected methods can be called.

Unfortunately this means calls to protected methods via public_send will 
erroneously succeed if they are in the right scope.

To fix this, I changed the meaning of Qundef as the 'self' argument to 
rb_call0. Formerly, Qundef meant 'use the self from the current control 
frame'. Now, Qundef means 'do not consider self so protected methods 
cannot be called'. I have updated the few calls to rb_call0 to fetch 
'self' from the control frame manually. As rb_call0 and 
rb_method_call_status are static, there is no concern for ABI breakage.
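
The dispatch pattern from the report, as an added example that is not part of the thread or of Ruby's source; `Widget`, `naive_dispatch`, `safe_dispatch` and the allowlist are hypothetical names. It reports how the running interpreter treats public_send on a protected method called from inside the object, and shows a dispatcher that refuses such names without relying on that check.

```ruby
# Added example; every class and method name here is hypothetical.
class Widget
  ALLOWED = %w[label].freeze # explicit allowlist of dispatchable method names

  def label
    "widget"
  end

  def internal_state
    "protected data"
  end
  protected :internal_state

  # Pattern from the report: public_send is called from inside the object,
  # so the caller's self is an instance of the class owning the method.
  def naive_dispatch(name)
    public_send(name)
  end

  # Does not depend on public_send's visibility check: the name must be
  # allowlisted and public on the class before anything is invoked.
  def safe_dispatch(name)
    key = name.to_s
    unless ALLOWED.include?(key) && self.class.public_method_defined?(key)
      raise NoMethodError, "#{key} is not dispatchable"
    end
    public_send(key)
  end
end

# :leaked if this interpreter lets public_send reach the protected method
# from inside the object (the behaviour reported above), otherwise :blocked.
def probe_public_send
  Widget.new.naive_dispatch(:internal_state)
  :leaked
rescue NoMethodError
  :blocked
end

# Result of the allowlisted dispatcher, or :refused when it rejects the name.
def safe_result(name)
  Widget.new.safe_dispatch(name)
rescue NoMethodError
  :refused
end

puts "public_send on protected method: #{probe_public_send}"
puts "safe_dispatch(:internal_state):  #{safe_result(:internal_state)}"
puts "safe_dispatch(:label):           #{safe_result(:label)}"
```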


Posted by marcandre (Marc-Andre Lafortune) (Guest)
on 2012-12-03 17:01
(Received via mailing list)
Issue #7499 has been updated by marcandre (Marc-Andre Lafortune).


Looks good to me.