Fix taint/untrust propagation during gsub.

git-svn-id: https://svn.codehaus.org/jruby/trunk/jruby@9277 961051c9-f516-0410-bf72-c9f7e237a7b7

rubyspecs.revision

@@ -3,4 +3,4 @@
 
 mspec.revision=d4828044fb14161ea23c97d97953c844162d84e4
 
-rubyspecs.revision=bb1c9e25e0563c5e3ef67ebd1e1597947a6e00fc
+rubyspecs.revision=b333dee883db44395616f8aa013735a3bbc3d187

src/org/jruby/RubyBasicObject.java

@@ -410,6 +410,7 @@ public void setTaint(boolean taint) {
      */
     public IRubyObject infectBy(IRubyObject obj) {
         if (obj.isTaint()) setTaint(true);
+        if (obj.isUntrusted()) setUntrusted(true);
         return this;
     }
 

src/org/jruby/RubyString.java

@@ -2701,7 +2701,8 @@ private final IRubyObject gsub19(ThreadContext context, IRubyObject arg0, IRubyO
     }
 
     private IRubyObject gsubCommon19(ThreadContext context, Block block, RubyString repl, RubyHash hash, IRubyObject arg0, final boolean bang) {
-        boolean tainted = arg0 != null && arg0.isTaint();
+        boolean tainted = false;
+        boolean untrusted = false;
         Ruby runtime = context.getRuntime();
 
         final Regex pattern, prepared;
@@ -2755,6 +2756,7 @@ private IRubyObject gsubCommon19(ThreadContext context, Block block, RubyString
             }
 
             if (val.isTaint()) tainted = true;
+            if (val.isUntrusted()) untrusted = true;
 
             int len = beg - offset;
             if (len != 0) dest.cat(bytes, cp, len, enc);
@@ -2784,9 +2786,11 @@ private IRubyObject gsubCommon19(ThreadContext context, Block block, RubyString
             view(dest.value);
             setCodeRange(dest.getCodeRange());
             if (tainted) setTaint(true);
+            if (untrusted) setUntrusted(true);
             return this;
         } else {
             if (tainted) dest.setTaint(true);
+            if (untrusted) dest.setUntrusted(true);
             dest.infectBy(this);
             return dest;
         }