Skip to content

Commit 1254b00

Browse files
hsbthsbt
committed
Filter marshaled objects
1 parent 35b409b commit 1254b00

File tree

1 file changed

+26
-19
lines changed

1 file changed

+26
-19
lines changed

lib/rdoc/store.rb

Lines changed: 26 additions & 19 deletions
Original file line numberDiff line numberDiff line change
@@ -556,9 +556,7 @@ def load_all
556556
def load_cache
557557
#orig_enc = @encoding
558558

559-
File.open cache_path, 'rb' do |io|
560-
@cache = Marshal.load io.read
561-
end
559+
@cache = marshal_load(cache_path)
562560

563561
load_enc = @cache[:encoding]
564562

@@ -615,9 +613,7 @@ def load_class klass_name
615613
def load_class_data klass_name
616614
file = class_file klass_name
617615

618-
File.open file, 'rb' do |io|
619-
Marshal.load io.read
620-
end
616+
marshal_load(file)
621617
rescue Errno::ENOENT => e
622618
error = MissingFileError.new(self, file, klass_name)
623619
error.set_backtrace e.backtrace
@@ -630,14 +626,10 @@ def load_class_data klass_name
630626
def load_method klass_name, method_name
631627
file = method_file klass_name, method_name
632628

633-
File.open file, 'rb' do |io|
634-
obj = Marshal.load io.read
635-
obj.store = self
636-
obj.parent =
637-
find_class_or_module(klass_name) || load_class(klass_name) unless
638-
obj.parent
639-
obj
640-
end
629+
obj = marshal_load(file)
630+
obj.store = self
631+
obj.parent ||= find_class_or_module(klass_name) || load_class(klass_name)
632+
obj
641633
rescue Errno::ENOENT => e
642634
error = MissingFileError.new(self, file, klass_name + method_name)
643635
error.set_backtrace e.backtrace
@@ -650,11 +642,9 @@ def load_method klass_name, method_name
650642
def load_page page_name
651643
file = page_file page_name
652644

653-
File.open file, 'rb' do |io|
654-
obj = Marshal.load io.read
655-
obj.store = self
656-
obj
657-
end
645+
obj = marshal_load(file)
646+
obj.store = self
647+
obj
658648
rescue Errno::ENOENT => e
659649
error = MissingFileError.new(self, file, page_name)
660650
error.set_backtrace e.backtrace
@@ -976,4 +966,21 @@ def unique_modules
976966
@unique_modules
977967
end
978968

969+
private
970+
def marshal_load(file)
971+
File.open(file, 'rb') {|io| Marshal.load(io, MarshalFilter)}
972+
end
973+
974+
MarshalFilter = proc do |obj|
975+
case obj
976+
when true, false, nil, Array, Class, Encoding, Hash, Integer, String, Symbol, RDoc::Text
977+
else
978+
unless obj.class.name.start_with("RDoc::")
979+
raise TypeError, "not permitted class: #{obj.class.name}"
980+
end
981+
end
982+
obj
983+
end
984+
private_constant :MarshalFilter
985+
979986
end

0 commit comments

Comments
 (0)