meineerde/redmine
1
0
Fork 0
mirror of https://github.com/meineerde/redmine.git synced 2026-01-31 11:37:14 +00:00
Code Issues Releases Wiki Activity

Don't use YAML.unsafe_load (#37450).

Browse Source 
Patch by Go MAEDA.


git-svn-id: https://svn.redmine.org/redmine/trunk@21722 e93f8b46-1217-0410-a6f0-8f06a7374b81
This commit is contained in:
Go MAEDA 2022-07-20 03:05:10 +00:00
parent e6847b294c
commit b6c218deed
1 changed files with 1 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
app/models/setting.rb
View File

@ -108,8 +108,7 @@ class Setting < ActiveRecord::Base
v = read_attribute(:value)
# Unserialize serialized settings
if available_settings[name]['serialized'] && v.is_a?(String)
# YAML.load works as YAML.safe_load if Psych >= 4.0 is installed
v = YAML.respond_to?(:unsafe_load) ? YAML.unsafe_load(v) : YAML.load(v)
v = YAML.safe_load(v, permitted_classes: [ActiveSupport::HashWithIndifferentAccess])
v = force_utf8_strings(v)
end
v = v.to_sym if available_settings[name]['format'] == 'symbol' && !v.blank?