File rubygem-railties-5.2-CVE-2023-23913.patch of Package rubygem-railties-5.2.18164

Overview Repositories Revisions Requests Users Attributes Meta

File rubygem-railties-5.2-CVE-2023-23913.patch of Package rubygem-railties-5.2.18164

Index: railties-5.2.3/lib/rails/secrets.rb
===================================================================
--- railties-5.2.3.orig/lib/rails/secrets.rb
+++ railties-5.2.3/lib/rails/secrets.rb
@@ -1,6 +1,7 @@
 # frozen_string_literal: true
 
 require "yaml"
+require "tempfile"
 require "active_support/message_encryptor"
 require "active_support/core_ext/string/strip"
 
@@ -85,17 +86,18 @@ module Rails
         end
 
         def writing(contents)
-          tmp_file = "#{File.basename(path)}.#{Process.pid}"
-          tmp_path = File.join(Dir.tmpdir, tmp_file)
-          IO.binwrite(tmp_path, contents)
+          file_name = "#{File.basename(path)}.#{Process.pid}"
 
-          yield tmp_path
+          Tempfile.create(["", "-" + file_name]) do |tmp_file|
+            tmp_path = Pathname.new(tmp_file)
+            tmp_path.binwrite contents
 
-          updated_contents = IO.binread(tmp_path)
+            yield tmp_path
 
-          write(updated_contents) if updated_contents != contents
-        ensure
-          FileUtils.rm(tmp_path) if File.exist?(tmp_path)
+            updated_contents = tmp_path.binread
+
+            write(updated_contents) if updated_contents != contents
+          end
         end
 
         def encryptor

Places

File rubygem-railties-5.2-CVE-2023-23913.patch of Package rubygem-railties-5.2.18164

Places