From 1e9d4f7cf259c331c710fbe8c3d1c4c5962977e0 Mon Sep 17 00:00:00 2001 From: Renaud Chaput Date: Thu, 17 Aug 2017 10:54:29 +0200 Subject: [PATCH] Safer loading for translation repositories - Do not use a relative path for require, as it fails with safe mode enabled. - Check the repository type against a whitelist of existing repositories This fixes the two specs marked as pending on Ruby 2.x --- lib/fast_gettext/translation_repository.rb | 9 +++++++-- spec/fast_gettext/translation_repository/merge_spec.rb | 4 +--- spec/fast_gettext/translation_repository/mo_spec.rb | 4 +--- spec/fast_gettext/translation_repository_spec.rb | 2 +- 4 files changed, 10 insertions(+), 9 deletions(-) diff --git a/lib/fast_gettext/translation_repository.rb b/lib/fast_gettext/translation_repository.rb index 7ff8b2b7..9d81c755 100644 --- a/lib/fast_gettext/translation_repository.rb +++ b/lib/fast_gettext/translation_repository.rb @@ -2,13 +2,18 @@ module FastGettext # Responsibility: # - decide which repository to choose from given input module TranslationRepository + VALID_TYPES = %i[base chain db logger merge mo po yaml].freeze + extend self def build(name, options) - type = options[:type] || :mo + type = options[:type] ? options[:type].to_sym : :mo + + raise ArgumentError, "Invalid translation repository type" unless VALID_TYPES.include?(type) + class_name = type.to_s.split('_').map(&:capitalize).join unless FastGettext::TranslationRepository.constants.map{|c|c.to_s}.include?(class_name) - require "fast_gettext/translation_repository/#{type}" + require "#{__dir__}/translation_repository/#{type}.rb".untaint end eval(class_name).new(name,options) end diff --git a/spec/fast_gettext/translation_repository/merge_spec.rb b/spec/fast_gettext/translation_repository/merge_spec.rb index 8cace94d..53c156f6 100644 --- a/spec/fast_gettext/translation_repository/merge_spec.rb +++ b/spec/fast_gettext/translation_repository/merge_spec.rb @@ -138,8 +138,6 @@ end it "can work in SAFE mode" do - pending_if RUBY_VERSION > "2.0" do - `ruby spec/cases/safe_mode_can_handle_locales.rb 2>&1`.should == 'true' - end + `ruby spec/cases/safe_mode_can_handle_locales.rb 2>&1`.should == 'true' end end diff --git a/spec/fast_gettext/translation_repository/mo_spec.rb b/spec/fast_gettext/translation_repository/mo_spec.rb index 87a9bbd0..1cf433a5 100644 --- a/spec/fast_gettext/translation_repository/mo_spec.rb +++ b/spec/fast_gettext/translation_repository/mo_spec.rb @@ -52,8 +52,6 @@ end it "can work in SAFE mode" do - pending_if RUBY_VERSION > "2.0" do - `ruby spec/cases/safe_mode_can_handle_locales.rb 2>&1`.should == 'true' - end + `ruby spec/cases/safe_mode_can_handle_locales.rb 2>&1`.should == 'true' end end diff --git a/spec/fast_gettext/translation_repository_spec.rb b/spec/fast_gettext/translation_repository_spec.rb index c6ea56f3..5070a99b 100644 --- a/spec/fast_gettext/translation_repository_spec.rb +++ b/spec/fast_gettext/translation_repository_spec.rb @@ -3,7 +3,7 @@ describe FastGettext::TranslationRepository do describe "build" do it "auto requires class by default" do - lambda { FastGettext::TranslationRepository.build('xx', { :type => 'invalid'}) }.should raise_error(LoadError) + lambda { FastGettext::TranslationRepository.build('xx', { :type => 'invalid'}) }.should raise_error(ArgumentError) end it "can have auto-require disabled" do