为什么 Ruby 1.9.2 删除了“.”来自 LOAD_PATH,还有什么选择?

发布于 2024-09-02 23:19:15 字数 291 浏览 7 评论 0 原文

Ruby 1.9.2 的最新更改集不再使当前目录 . 成为 LOAD_PATH 的一部分。我有大量 Rakefiles 假设 .LOAD_PATH 的一部分,所以这破坏了它们(他们报告“没有这样的文件来加载”)基于项目路径的语句)。这样做有什么特别的理由吗?

至于修复,添加 $: << “.” 到处都有效,但看起来非常老套,我不想这样做。使我的 Rakefiles 1.9.2+ 兼容的首选方法是什么?

The latest changesets to Ruby 1.9.2 no longer make the current directory . part of your LOAD_PATH. I have a non-trivial number of Rakefiles that assume that . is part of the LOAD_PATH, so this broke them (they reported "no such file to load" for all require statements that based off the project path). Was there a particular justification for doing this?

As for a fix, adding $: << "." everywhere works, but seems incredibly hacky and I don't want to do that. What's the preferred way to make my Rakefiles 1.9.2+ compatible?

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(7

夜深人未静 2024-09-09 23:19:15

这被认为是一种“安全”风险。

方法来解决它,使用 irb;

File.expand_path(__FILE__) et al

您可以通过使用绝对路径或使用

require './filename' (ironically).

require_relative 'filename'

添加“include”目录

ruby -I . ...

或相同的

$irb -I .

It was deemed a "security" risk.

You can get around it by using absolute paths

File.expand_path(__FILE__) et al

or doing

require './filename' (ironically).

or by using

require_relative 'filename'

or adding an "include" directory

ruby -I . ...

or the same, using irb;

$irb -I .
浅听莫相离 2024-09-09 23:19:15

有两个原因:

  • 稳健性和
  • 安全性

两者都基于相同的基本原则:通常,当代码运行时,您根本无法知道当前目录是什么。这意味着,当您需要一个文件并依赖它位于当前目录中时,您无法控制该文件是否存在,或者它是否是您实际期望存在的文件。

There's two reasons:

  • robustness and
  • security

Both are based on the same underlying principle: in general, you simply cannot know what the current directory is, when your code is run. Which means that, when you require a file and depend on it being in the current directory, you have no way of controlling whether that file will even be there, or whether it is the file that you actually expect to be there.

三寸金莲 2024-09-09 23:19:15

正如其他答案指出的那样,这是一个安全风险,因为加载路径中的 . 指的是当前工作目录 Dir.pwd,而不是当前正在加载的文件的目录。因此,无论谁执行您的脚本,都可以通过 cd 到另一个目录来简单地更改此设置。不好!

我一直在使用从 __FILE__ 构建的完整路径作为替代方案。

require File.expand_path(File.join(File.dirname(__FILE__), 'filename'))

require_relative 不同,它向后兼容 Ruby 1.8.7。

As others answers point out, it's a security risk because . in your load path refers to the present working directory Dir.pwd, not the directory of the current file being loaded. So whoever is executing your script can change this simply by cding to another directory. Not good!

I've been using full paths constructed from __FILE__ as an alternative.

require File.expand_path(File.join(File.dirname(__FILE__), 'filename'))

Unlike require_relative, this is backward compatible with Ruby 1.8.7.

关于从前 2024-09-09 23:19:15

使用 require_relative 'file_to_require'

将其放入代码中以使 require_relative 在 1.8.7 中工作:

unless Kernel.respond_to?(:require_relative)
  module Kernel
    def require_relative(path)
      require File.join(File.dirname(caller.first), path.to_str)
    end
  end
end

Use require_relative 'file_to_require'

Throw this in your code to make require_relative work in 1.8.7:

unless Kernel.respond_to?(:require_relative)
  module Kernel
    def require_relative(path)
      require File.join(File.dirname(caller.first), path.to_str)
    end
  end
end
情深如许 2024-09-09 23:19:15

'.'在你的路径中长期以来一直被认为是 Unix 世界中的一件坏事(例如,参见 http://www.faqs.org/faqs/unix-faq/faq/part2/section-13.html)。我想 Ruby 的人们已经被说服了,不这样做是明智的。

'.' in your path has long been considered a bad thing in the Unix world (see, for example, http://www.faqs.org/faqs/unix-faq/faq/part2/section-13.html). I assume the Ruby folks have been persuaded of the wisdom of not doing that.

往事风中埋 2024-09-09 23:19:15

我发现这是一个令人困惑的变化,直到我意识到一些事情。

您可以在 .profile (Unix) 中设置 RUBYLIB 并像以前一样继续生活:

export RUBYLIB="."

但如上所述,长期以来,这样做一直被认为是不安全的。

对于绝大多数情况,您可以通过简单地调用带有前缀“.”的 Ruby 脚本来避免问题。例如./scripts/server.

I found this to be a confounding change until I realized a couple of things.

You can set RUBYLIB in your .profile (Unix) and go on with life as you did before:

export RUBYLIB="."

But as mentioned above, it's long been considered unsafe to do so.

For the vast majority of cases you can avoid problems by simply calling your Ruby scripts with a prepended '.' e.g. ./scripts/server.

装迷糊 2024-09-09 23:19:15

正如 Jörg W Mittag 指出的那样,我认为您想要使用的是 require_relative,因此您需要的文件是相对于 require 声明的源文件而不是当前文件工作目录

您的依赖项应该与您的 rake 构建文件相关。

As Jörg W Mittag pointed out, I think what you want to be using is require_relative so the file you require is relative to the source file of the require declaration and not the current working dir.

Your dependencies should be relative to your rake build file.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文