The code responsible for the exception residents in
gettext/runtime/locale_path.rb line 92 (the relevant function is
``initialize''):
90 Dir.glob(rule %{:lang => "*", :name => name}).each do |path|
91 if /#{this_path_rules}/ =~ path
92 @locale_paths[$1] = path unless @locale_paths[$1]
93 end
94 end
The fix is to change that line to
@locale_paths[$1] = path.untaint unless @locale_paths[$1]
As a temporary solution one can redefine
GetText::LocalePath.initialize or GetText::MOFile.open (the last seems
better for me):
module GetText
class MOFile
alias :oldload :load
def load(arg)
arg = arg.dup.untaint if arg.kind_of? String
oldload(arg)
end
end
end
--
http://375gnu.wordpress.com
--- gettext/lib/gettext/runtime/locale_path.rb~ 2010-05-15 07:55:12.000000000 +0300
+++ gettext/lib/gettext/runtime/locale_path.rb 2011-09-22 20:05:26.000000000 +0300
@@ -89,7 +89,7 @@
this_path_rules = rule % {:lang => "([^\/]+)", :name => name}
Dir.glob(rule %{:lang => "*", :name => name}).each do |path|
if /#{this_path_rules}/ =~ path
- @locale_paths[$1] = path unless @locale_paths[$1]
+ @locale_paths[$1] = path.untaint unless @locale_paths[$1]
end
end
end
