Replace JSON.load with JSON.parse, also removed the proc parameter

Since we are dealing with untrusted user input, we should not be
using JSON.load. According to the docs[1]:

BEWARE: This method is meant to serialise data from trusted user
input, like from your own database server or clients under your
control, it could be dangerous to allow untrusted users to pass
JSON sources into it. The default options for the parser can be
changed via the ::load_default_options method.

[1] http://www.ruby-doc.org/stdlib-2.0/libdoc/json/rdoc/JSON.html#method-i-load

0 files changed, 0 insertions, 0 deletions