```ruby
# Copyright (c) 2009 Michael Koziarski <michael@koziarski.com>
#
# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

require 'bigdecimal'

alias BigDecimalUnsafe BigDecimal


# This fixes CVE-2009-1904 however it removes legitimate functionality that your
# application may depend on. You are *strongly* advised to upgrade your ruby
# rather than relying on this fix for an extended period of time.

def BigDecimal(initial, digits=0)
  if initial.size > 255 || initial =~ /e/i
    raise "Invalid big Decimal Value"
  end
  BigDecimalUnsafe(initial, digits)
end
```
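The file's comment warns that the guard removes legitimate functionality. The following added example (not part of the original file or project) mirrors the guard's two checks without calling BigDecimal and reports which values from a constructed sample set it would reject and why. The names `rejection_reason`, `audit`, `MAX_LEN` and the separate `:not_a_string` case are assumptions of this example.

```ruby
# Added example: audit candidate inputs against the same two checks the
# guard applies (length > 255, any "e"/"E" in the string). Hypothetical names.
MAX_LEN = 255 # same length limit as the guard

# Returns nil when the guard would pass the value through, otherwise a
# symbol naming the check that rejects it.
def rejection_reason(value)
  # Assumption of this example: non-strings are reported separately
  # instead of being passed to the size/regex checks.
  return :not_a_string unless value.is_a?(String)
  return :too_long if value.size > MAX_LEN
  return :exponent if value =~ /e/i
  nil
end

# Groups rejected values by reason; accepted values are left out.
def audit(values)
  values.each_with_object(Hash.new { |h, k| h[k] = [] }) do |v, report|
    reason = rejection_reason(v)
    report[reason] << v if reason
  end
end

# Constructed sample values, as an application might pass to BigDecimal().
SAMPLES = [
  "19.99",           # plain decimal: accepted
  "1.5e3",           # legitimate scientific notation: rejected
  "6.02E23",         # upper-case exponent: rejected
  "0." + "3" * 300,  # long but otherwise ordinary fraction: rejected on length
  "9" * 255,         # exactly at the limit: accepted
  "1e" + "9" * 10    # very large exponent: rejected
].freeze

if __FILE__ == $PROGRAM_NAME
  audit(SAMPLES).each do |reason, values|
    values.each { |v| puts "#{reason}: #{v[0, 20]}#{'...' if v.size > 20}" }
  end
end
```

Running the same audit over values sampled from your own application shows what would start raising once the workaround is loaded.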