* eval.c (block_pass): should not pass tainted block, if $SAFE > 0.

* variable.c (rb_mod_remove_cvar): should pass the char*. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_1_6@1995 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
author: matz <matz@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> 2002-01-16 09:22:45 +0000
committer: matz <matz@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> 2002-01-16 09:22:45 +0000
commit: ab1a751ece53402ad1903cae700a3f023b20803c (patch)
tree: dd5ba61e658bb75e0fbe6b476ae67599e0e1f34e /eval.c
parent: ce71ad15c71e4ec0fdc8d6249c6b3b0e6729e232 (diff)
1 files changed, 21 insertions, 1 deletions
diff --git a/eval.c b/eval.c
index b7fede218a..a12d7ff3fe 100644
--- a/eval.c
+++ b/eval.c
@@ -1753,7 +1753,23 @@ is_defined(self, node, buf)
 	    return 0;
 	}
       check_bound:
-	if (rb_method_boundp(val, node->nd_mid, nd_type(node)== NODE_CALL)) {
+	{
+	    int call = nd_type(node)== NODE_CALL;
+	    if (call) {
+		int noex;
+		ID id = node->nd_mid;
+
+		if (!rb_get_method_body(&val, &id, &noex))
+		    break;
+		if ((noex & NOEX_PRIVATE))
+		    break;
+		if ((noex & NOEX_PROTECTED)) {
+		    if (!rb_obj_is_kind_of(self, rb_class_real(val)))
+			break;
+		}
+	    }
+	    else if (!rb_method_boundp(val, node->nd_mid, call))
+		break;
 	    return arg_defined(self, node->nd_args, buf, "method");
 	}
 	break;
@@ -6511,6 +6527,10 @@ block_pass(self, node)
 		 rb_class2name(CLASS_OF(block)));
     }
 
+    if (rb_safe_level() >= 1 && OBJ_TAINTED(block)) {
+	rb_raise(rb_eSecurityError, "Insecure: tainted block value");
+    }
+
     Data_Get_Struct(block, struct BLOCK, data);
     orphan = blk_orphan(data);
author	matz <matz@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>	2002-01-16 09:22:45 +0000
committer	matz <matz@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>	2002-01-16 09:22:45 +0000
commit	ab1a751ece53402ad1903cae700a3f023b20803c (patch)
tree	dd5ba61e658bb75e0fbe6b476ae67599e0e1f34e /eval.c
parent	ce71ad15c71e4ec0fdc8d6249c6b3b0e6729e232 (diff)