diff options
author | Jeremy Kemper <jeremy@bitsweat.net> | 2007-06-23 00:40:53 +0000 |
---|---|---|
committer | Jeremy Kemper <jeremy@bitsweat.net> | 2007-06-23 00:40:53 +0000 |
commit | 40f6e9f8e126c494ff89b4c149bbd7a1fe7df197 (patch) | |
tree | badcdfcda3951c8a0d20c835cb20d22aabff6242 /activesupport | |
parent | 95c9ece59ab6926272a7fb6d5907ca58a84b39f7 (diff) | |
download | rails-40f6e9f8e126c494ff89b4c149bbd7a1fe7df197.tar.gz rails-40f6e9f8e126c494ff89b4c149bbd7a1fe7df197.tar.bz2 rails-40f6e9f8e126c494ff89b4c149bbd7a1fe7df197.zip |
Demote Hash#to_xml to use XmlSimple#xml_in_string so it can't read files or stdin. Closes #8453.
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7086 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
Diffstat (limited to 'activesupport')
-rw-r--r-- | activesupport/CHANGELOG | 2 | ||||
-rw-r--r-- | activesupport/lib/active_support/core_ext/hash/conversions.rb | 23 |
2 files changed, 24 insertions, 1 deletions
diff --git a/activesupport/CHANGELOG b/activesupport/CHANGELOG index d977682f5c..a4046061aa 100644 --- a/activesupport/CHANGELOG +++ b/activesupport/CHANGELOG @@ -1,5 +1,7 @@ *SVN* +* Demote Hash#to_xml to use XmlSimple#xml_in_string so it can't read files or stdin. #8453 [candlerb, Jeremy Kemper] + * Backport clean_logger changes to support ruby 1.8.2 [mislav] * Added proper handling of arrays #8537 [hasmanyjosh] diff --git a/activesupport/lib/active_support/core_ext/hash/conversions.rb b/activesupport/lib/active_support/core_ext/hash/conversions.rb index 2c0d894518..929dd45e98 100644 --- a/activesupport/lib/active_support/core_ext/hash/conversions.rb +++ b/activesupport/lib/active_support/core_ext/hash/conversions.rb @@ -20,6 +20,27 @@ class Array end end +# Locked down XmlSimple#xml_in_string +class XmlSimple + # Same as xml_in but doesn't try to smartly shoot itself in the foot. + def xml_in_string(string, options = nil) + handle_options('in', options) + + @doc = parse(string) + result = collapse(@doc.root) + + if @options['keeproot'] + merge({}, @doc.root.name, result) + else + result + end + end + + def self.xml_in_string(string, options = nil) + new.xml_in_string(string, options) + end +end + module ActiveSupport #:nodoc: module CoreExtensions #:nodoc: module Hash #:nodoc: @@ -135,7 +156,7 @@ module ActiveSupport #:nodoc: module ClassMethods def from_xml(xml) # TODO: Refactor this into something much cleaner that doesn't rely on XmlSimple - typecast_xml_value(undasherize_keys(XmlSimple.xml_in(xml, + typecast_xml_value(undasherize_keys(XmlSimple.xml_in_string(xml, 'forcearray' => false, 'forcecontent' => true, 'keeproot' => true, |