lib/safemode/parser.rb in safemode-1.2.1 vs lib/safemode/parser.rb in safemode-1.2.2
- old
+ new
@@ -80,20 +80,22 @@
:iasgn, # iasgn is sometimes allowed
# not sure about self ...
:self,
# :args is now used for block parameters
:args,
+ # :colon2 is used for module constants
+ :colon2,
# unnecessarily advanced?
:argscat, :argspush, :splat, :block_pass,
:op_asgn1, :op_asgn2, :op_asgn_and, :op_asgn_or,
# needed for haml
:block ]
disallowed = [ # :self, # self doesn't seem to be needed for vcalls?
# see below for :const handling
:defn, :defs, :alias, :valias, :undef, :class, :attrset,
- :module, :sclass, :colon2, :colon3,
+ :module, :sclass, :colon3,
:fbody, :scope, :block_arg, :postexe,
:redo, :retry, :begin, :rescue, :resbody, :ensure,
:defined, :super, :zsuper, :return,
:dmethod, :bmethod, :to_ary, :svalue, :match,
:attrasgn, :cdecl, :cvasgn, :cvdecl, :cvar, :gvar, :gasgn,
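Review bot: Moving `:colon2` from `disallowed` to `allowed` admits every `A::B` node, not only `Encoding::UTF_8`, and nothing in this hunk limits what may sit on the left of `::`. The only constant check visible in this diff is `process_const`, which runs for a `:const` child; a `:colon2` whose left operand is some other kind of expression would, as far as this page shows, never reach it. I would add a `process_colon2` override next to `process_const` that raises a security error unless the left operand is `s(:const, :Encoding)`, plus a test that any other `X::Y` is still rejected. The comment could then read `# :colon2 is allowed only so Encoding::XYZ (what __ENCODING__ parses to) can pass; see process_const`. Both the `allowed` and `disallowed` lists start or end outside the hunk, so other entries may affect this.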
@@ -111,13 +113,13 @@
raise_security_error(name, code)
end
end
# handling of Encoding constants in ruby 1.9.
- # Note: ruby_parser evaluates __ENCODING__ to :const Encoding::UTF_8
+ # Note: ruby_parser evaluates __ENCODING__ to s(:colon2, s(:const, :Encoding), :UTF_8)
def process_const(arg)
- raise_security_error("constant", super(arg)) unless (RUBY_VERSION >= "1.9" and arg.sexp_type.class == Encoding)
- "Encoding::#{super(arg).gsub('-', '_')}"
+ raise_security_error("constant", super(arg)) unless (RUBY_VERSION >= "1.9" and arg.sexp_type == :Encoding)
+ "#{super(arg).gsub('-', '_')}"
end
def raise_security_error(type, info)
raise Safemode::SecurityError.new(type, info)
end
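Review bot: In the new `process_const`, the `.gsub('-', '_')` and the surrounding interpolation look like leftovers from the old `Encoding::UTF-8` handling. The guard now lets only the name `Encoding` through, so `super(arg)` presumably never contains a `-`, and the last line could be just `super(arg)`. The guard also combines `and` with a string comparison on `RUBY_VERSION`, which orders versions lexically; `&&` and a short note on why the version test is still needed would make this allow-list easier to audit. A comment above the method such as `# Encoding is the only constant a template may name; anything else raises SecurityError` would state the policy next to the code that enforces it.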