root / .svn / pristine / 11 / 111782291673fa0d25a1477bea1c5d346d154c35.svn-base @ 912:5e80956cc792
Annotated at revision 909:cbb26bc654de (Chris)

```ruby
# Copyright (c) 2009 Michael Koziarski <michael@koziarski.com>
#
# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

require 'bigdecimal'

# Keep the original BigDecimal() conversion method reachable under a new name.
alias BigDecimalUnsafe BigDecimal


# This fixes CVE-2009-1904 however it removes legitimate functionality that your
# application may depend on. You are *strongly* advised to upgrade your ruby
# rather than relying on this fix for an extended period of time.

def BigDecimal(initial, digits=0)
  # Reject input longer than 255 characters or containing an exponent marker
  # ("e" or "E") before handing it to the original implementation.
  if initial.size > 255 || initial =~ /e/i
    raise "Invalid big Decimal Value"
  end
  BigDecimalUnsafe(initial, digits)
end
```