Skip to content

Commit da7a0c7

Browse files
nobuhsbt
nobu
authored and
hsbt
committed
Filter marshaled objets
1 parent 895f1af commit da7a0c7

File tree

1 file changed

+26
-19
lines changed

1 file changed

+26
-19
lines changed

lib/rdoc/store.rb

Lines changed: 26 additions & 19 deletions
Original file line numberDiff line numberDiff line change
@@ -559,9 +559,7 @@ def load_all
559559
def load_cache
560560
#orig_enc = @encoding
561561

562-
File.open cache_path, 'rb' do |io|
563-
@cache = Marshal.load io
564-
end
562+
@cache = marshal_load(cache_path)
565563

566564
load_enc = @cache[:encoding]
567565

@@ -618,9 +616,7 @@ def load_class klass_name
618616
def load_class_data klass_name
619617
file = class_file klass_name
620618

621-
File.open file, 'rb' do |io|
622-
Marshal.load io
623-
end
619+
marshal_load(file)
624620
rescue Errno::ENOENT => e
625621
error = MissingFileError.new(self, file, klass_name)
626622
error.set_backtrace e.backtrace
@@ -633,14 +629,10 @@ def load_class_data klass_name
633629
def load_method klass_name, method_name
634630
file = method_file klass_name, method_name
635631

636-
File.open file, 'rb' do |io|
637-
obj = Marshal.load io
638-
obj.store = self
639-
obj.parent =
640-
find_class_or_module(klass_name) || load_class(klass_name) unless
641-
obj.parent
642-
obj
643-
end
632+
obj = marshal_load(file)
633+
obj.store = self
634+
obj.parent ||= find_class_or_module(klass_name) || load_class(klass_name)
635+
obj
644636
rescue Errno::ENOENT => e
645637
error = MissingFileError.new(self, file, klass_name + method_name)
646638
error.set_backtrace e.backtrace
@@ -653,11 +645,9 @@ def load_method klass_name, method_name
653645
def load_page page_name
654646
file = page_file page_name
655647

656-
File.open file, 'rb' do |io|
657-
obj = Marshal.load io
658-
obj.store = self
659-
obj
660-
end
648+
obj = marshal_load(file)
649+
obj.store = self
650+
obj
661651
rescue Errno::ENOENT => e
662652
error = MissingFileError.new(self, file, page_name)
663653
error.set_backtrace e.backtrace
@@ -979,4 +969,21 @@ def unique_modules
979969
@unique_modules
980970
end
981971

972+
private
973+
def marshal_load(file)
974+
File.open(file, 'rb') {|io| Marshal.load(io, MarshalFilter)}
975+
end
976+
977+
MarshalFilter = proc do |obj|
978+
case obj
979+
when true, false, nil, Array, Class, Encoding, Hash, Integer, String, Symbol, RDoc::Text
980+
else
981+
unless obj.class.name.start_with("RDoc::")
982+
raise TypeError, "not permitted class: #{obj.class.name}"
983+
end
984+
end
985+
obj
986+
end
987+
private_constant :MarshalFilter
988+
982989
end

0 commit comments

Comments
 (0)