[Closed] ENV doesn't raise SecurityError except for aset and delete

Issue #9976 has been updated by Nobuyoshi N…

Status changed from Open to Closed
% Done changed from 0 to 100

Applied in changeset r46547.


hash.c: prohibit tainted strings

  • hash.c (env_aset, env_has_key, env_assoc, env_has_value),
    (env_rassoc, env_key): prohibit tainted strings if $SAFE is
    non-zero. [Bug #9976]

Bug #9976: ENV doesn’t raise SecurityError except for aset and delete
https://bugs.ruby-lang.org/issues/9976#change-47372

  • Author: Nobuyoshi N.
  • Status: Closed
  • Priority: Normal
  • Assignee:
  • Category:
  • Target version:
  • ruby -v: trunk
  • Backport: 2.0.0: REQUIRED, 2.1: REQUIRED

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs