1 |
=================================================================== |
2 |
RCS file: /cvsroot/tdiary/core/tdiary.rb,v |
3 |
retrieving revision 1.156 |
4 |
retrieving revision 1.159 |
5 |
diff -u -r1.156 -r1.159 |
6 |
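--- a/tdiary.rb
+++ b/tdiary.rb
@@ -1,13 +1,13 @@
 =begin
 == NAME
 tDiary: the "tsukkomi-able" web diary system.
-tdiary.rb $Revision: 1.156 $
+tdiary.rb $Revision: 1.159 $
 
 Copyright (C) 2001-2003, TADA Tadashi <sho@spc.gr.jp>
 You can redistribute it and/or modify it under GPL2.
 =end
 
-TDIARY_VERSION = '1.5.6'
+TDIARY_VERSION = '1.5.6.20031118'
 
 require 'cgi'
 begin
@@ -62,10 +62,14 @@
 module Safe
 def safe( level = 4 )
 result = nil
-Thread.start {
-$SAFE = level
+if $SAFE < level then
+Thread.start {
+$SAFE = level
+result = yield
+}.join
+else
 result = yield
-}.join
+end
 result
 end
 module_function :safe
@@ -740,7 +744,9 @@
 r = str.dup
 if @options['apply_plugin'] and str.index( '<%' ) then
 r = str.untaint if $SAFE < 3
-r = ERbLight.new( r ).result( binding )
+Safe::safe( @conf.secure ? 4 : 1 ) do
+r = ERbLight.new( r ).result( binding )
+end
 end
 r.gsub!( /<.*?>/, '' ) if remove_tag
 r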
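Review bot: In the third hunk, `r = str.untaint if $SAFE < 3` still runs before the new `Safe::safe` block, so the taint mark is cleared before the template is evaluated, and in the non-secure branch (level 1) taint checking is essentially the only restriction that level applies. Where `str` comes from is not visible here, so if it can ever carry visitor-supplied text it would be evaluated against the full `binding`; a comment above the untaint line such as `# str must originate from the diary author or a plugin, never from visitor input` would make that trust assumption explicit. The block also assigns `r` through the closure and discards the value `safe` already returns; `r = Safe::safe( @conf.secure ? 4 : 1 ) { ERbLight.new( r ).result( binding ) }` states the data flow more directly. The enclosing method starts and ends outside the hunk.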