lib/tdiary/style/wiki.rb in tdiary-4.2.1 vs lib/tdiary/style/wiki.rb in tdiary-5.0.0
- old
+ new
@@ -71,14 +71,12 @@
private
def valid_plugin_syntax?(code)
lambda {
begin
- $SAFE = 4
- rescue ArgumentError
- # $SAFE=4 was removed from Ruby 2.1.0.
+ $SAFE = 1
ensure
- eval( "BEGIN {return true}\n#{code}", nil, "(plugin)", 0 )
+ eval( "BEGIN {return true}\n#{code.dup.untaint}", nil, "(plugin)", 0 )
end
}.call
rescue SyntaxError
lambda { eval('') }.call
false
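Review bot: On the new `eval` line, `code.dup.untaint` clears the taint mark that `$SAFE = 1` relies on to refuse evaluating externally supplied strings. With the old `$SAFE = 4` attempt removed, the only thing keeping plugin text from executing during this syntax check is the `BEGIN {return true}` prelude. That dependency should at least be documented above the eval, e.g. `# untaint is deliberate: the BEGIN prelude must return before any plugin text runs`. A parse-only check such as `Ripper.sexp(code).nil?` would avoid `eval` altogether, if Ripper's leniency is acceptable for plugin snippets. Separately, `$SAFE = 1` is never restored; on Ruby 2.6 and later, where `$SAFE` is process-global rather than scoped to the proc, it would presumably stay raised after this call, so confirm which Ruby versions the release targets. `valid_plugin_syntax?` continues past the end of the hunk.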