From: "naruse (Yui NARUSE)" Date: 2012-07-06T19:21:04+09:00 Subject: [ruby-core:46232] [ruby-trunk - Bug #4487] require_relative fails in an eval'ed file Issue #4487 has been updated by naruse (Yui NARUSE). shyouhei (Shyouhei Urabe) wrote: > naruse (Yui NARUSE) wrote: > > require_relative is introduced to avoid accidentally require a malicious file on the current working directory. > > So it can't be acceptable. > > Use require or load on such case. > > I'm not pretty sure about this. Is there a chance for a (proposed behaviour of) require_relative to require a malicious file on the current directory? > > Because you are on an IRB session and intentionally emitting require_relative (not require), I doubt the danger you say. * irb is not the only user of eval. * A user won't always use require_relative intentionally. * There is a suitable another way: require './myfile' With those reason, I don't think require_relative should be changed. ---------------------------------------- Bug #4487: require_relative fails in an eval'ed file https://bugs.ruby-lang.org/issues/4487#change-27860 Author: rogerdpack (Roger Pack) Status: Assigned Priority: Normal Assignee: matz (Yukihiro Matsumoto) Category: Target version: ruby -v: - =begin Hello all. $cat eval_me1.rb eval(File.read('eval_me2.rb'), binding, File.expand_path('./eval_me2.rb')) $cat eval_me2.rb require_relative 'eval_me1.rb' $ ruby eval_me1.rb C:/dev/ruby/faster_require/spec/eval_me2.rb:1:in `require_relative': cannot infer basepath (LoadError) from C:/dev/ruby/faster_require/spec/eval_me2.rb:1:in `
' from eval_me1.rb:1:in `eval' from eval_me1.rb:1:in `
' I suppose was assuming that if eval included a filename, then require_relative would work from within it. Perhaps I am mistaken? Thanks! -r =end -- http://bugs.ruby-lang.org/