about summary refs log tree commit homepage
path: root/lib/unicorn/tmpio.rb
diff options
context:
space:
mode:
Diffstat (limited to 'lib/unicorn/tmpio.rb')
-rw-r--r--lib/unicorn/tmpio.rb10
1 files changed, 8 insertions, 2 deletions
diff --git a/lib/unicorn/tmpio.rb b/lib/unicorn/tmpio.rb
index db88ed3..0bbf6ec 100644
--- a/lib/unicorn/tmpio.rb
+++ b/lib/unicorn/tmpio.rb
@@ -11,12 +11,18 @@ class Unicorn::TmpIO < File
   # immediately, switched to binary mode, and userspace output
   # buffering is disabled
   def self.new
+    path = nil
+
+    # workaround File#path being tainted:
+    # https://bugs.ruby-lang.org/issues/14485
     fp = begin
-      super("#{Dir::tmpdir}/#{rand}", RDWR|CREAT|EXCL, 0600)
+      path = "#{Dir::tmpdir}/#{rand}"
+      super(path, RDWR|CREAT|EXCL, 0600)
     rescue Errno::EEXIST
       retry
     end
-    unlink(fp.path)
+
+    unlink(path)
     fp.binmode
     fp.sync = true
     fp