fix SecurityError on connect with $SAFE=1
If core.rb was required without raising a SecurityError, the directory
it was loaded from is trusted enough to untaint.
angdraug committed Oct 1, 2011
1 parent b0e4883 commit 05494a3
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion lib/sequel/core.rb
Expand Up @@ -188,7 +188,7 @@ def self.quote_identifiers=(value)
# This is used to ensure that the files loaded are from the same version of
# Sequel as this file.
def self.require(files, subdir=nil)
Array(files).each{|f| super("#{File.dirname(__FILE__)}/#{"#{subdir}/" if subdir}#{f}")}
Array(files).each{|f| super("#{File.dirname(__FILE__).untaint}/#{"#{subdir}/" if subdir}#{f}")}
end

# Set whether to set the single threaded mode for all databases by default. By default,
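Review bot: The `.untaint` call on `File.dirname(__FILE__)` in `self.require` has no comment explaining why it is safe, and the rationale currently lives only in the commit message. The comment above the method covers only the same-version guarantee, so a later reader sees a taint check being bypassed with no justification next to it. Suggest adding a line such as `# core.rb was itself required without a SecurityError, so its directory is trusted` directly above the `Array(files).each` line. It is also worth stating there that only the directory prefix is untainted: `subdir` and `f` are still interpolated as passed in, so a tainted value from a caller keeps the resulting path tainted, and that property should be preserved if this line is refactored.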