merge revision(s) 61242: [Backport #14185]

Fix a command injection vulnerability in Net::FTP. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_2@61246 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2025-09-17 01:23:57 +02:00 · 2017-12-14 13:53:48 +00:00 · 2017-12-14 13:53:48 +00:00 · 0207c68ea3
commit 0207c68ea3
parent fc824f2a81
4 changed files with 244 additions and 6 deletions
--- a/lib/net/ftp.rb
+++ b/lib/net/ftp.rb
@ -606,10 +606,10 @@ module Net
      if localfile
        if @resume
          rest_offset = File.size?(localfile)
-          f = open(localfile, "a")
+          f = File.open(localfile, "a")
        else
          rest_offset = nil
-          f = open(localfile, "w")
+          f = File.open(localfile, "w")
        end
      elsif !block_given?
        result = ""
@ -637,7 +637,7 @@ module Net
    def gettextfile(remotefile, localfile = File.basename(remotefile)) # :yield: line
      result = nil
      if localfile
-        f = open(localfile, "w")
+        f = File.open(localfile, "w")
      elsif !block_given?
        result = ""
      end
@ -683,7 +683,7 @@ module Net
      else
        rest_offset = nil
      end
-      f = open(localfile)
+      f = File.open(localfile)
      begin
        f.binmode
        if rest_offset
@ -702,7 +702,7 @@ module Net
    # passing in the transmitted data one line at a time.
    #
    def puttextfile(localfile, remotefile = File.basename(localfile), &block) # :yield: line
-      f = open(localfile)
+      f = File.open(localfile)
      begin
        storlines("STOR " + remotefile, f, &block)
      ensure