authorJeremy Kemper <jeremy@bitsweat.net>2007-06-23 00:40:53 +0000
committerJeremy Kemper <jeremy@bitsweat.net>2007-06-23 00:40:53 +0000
commit40f6e9f8e126c494ff89b4c149bbd7a1fe7df197 (patch)
treebadcdfcda3951c8a0d20c835cb20d22aabff6242 /activesupport
parent95c9ece59ab6926272a7fb6d5907ca58a84b39f7 (diff)
Demote Hash#to_xml to use XmlSimple#xml_in_string so it can't read files or stdin. Closes #8453.
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7086 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
Diffstat (limited to 'activesupport')
-rw-r--r--activesupport/CHANGELOG2
-rw-r--r--activesupport/lib/active_support/core_ext/hash/conversions.rb23
2 files changed, 24 insertions, 1 deletions
diff --git a/activesupport/CHANGELOG b/activesupport/CHANGELOG
index d977682f5c..a4046061aa 100644
--- a/activesupport/CHANGELOG
+++ b/activesupport/CHANGELOG
@@ -1,5 +1,7 @@
*SVN*
+* Demote Hash#to_xml to use XmlSimple#xml_in_string so it can't read files or stdin. #8453 [candlerb, Jeremy Kemper]
+
* Backport clean_logger changes to support ruby 1.8.2 [mislav]
* Added proper handling of arrays #8537 [hasmanyjosh]
diff --git a/activesupport/lib/active_support/core_ext/hash/conversions.rb b/activesupport/lib/active_support/core_ext/hash/conversions.rb
index 2c0d894518..929dd45e98 100644
--- a/activesupport/lib/active_support/core_ext/hash/conversions.rb
+++ b/activesupport/lib/active_support/core_ext/hash/conversions.rb
@@ -20,6 +20,27 @@ class Array
end
end
+# Locked down XmlSimple#xml_in_string
+class XmlSimple
+ # Same as xml_in but doesn't try to smartly shoot itself in the foot.
+ def xml_in_string(string, options = nil)
+ handle_options('in', options)
+
+ @doc = parse(string)
+ result = collapse(@doc.root)
+
+ if @options['keeproot']
+ merge({}, @doc.root.name, result)
+ else
+ result
+ end
+ end
+
+ def self.xml_in_string(string, options = nil)
+ new.xml_in_string(string, options)
+ end
+end
+
module ActiveSupport #:nodoc:
module CoreExtensions #:nodoc:
module Hash #:nodoc:
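Review bot: The comment above `xml_in_string` does not state the guarantee the method exists to provide; something like `# Always treats +string+ as XML markup; unlike xml_in it never interprets the argument as a file name or as '-' (stdin).` would tell maintainers why untrusted input must go through this method and not `xml_in`. The body calls `handle_options`, `parse`, `collapse` and `merge` and assigns `@doc`, which appear to be XmlSimple internals, so a change in the bundled library could break this reopened class without warning; a comment noting which XmlSimple code it was copied from would help. `parse(string)` receives whatever the caller passes, so if non-string sources should also be refused, a guard such as `raise ArgumentError, "expected XML string" unless string.is_a?(String)` is worth considering. Whether it is needed depends on what `parse` accepts, which is not visible in this hunk.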
@@ -135,7 +156,7 @@ module ActiveSupport #:nodoc:
module ClassMethods
def from_xml(xml)
# TODO: Refactor this into something much cleaner that doesn't rely on XmlSimple
- typecast_xml_value(undasherize_keys(XmlSimple.xml_in(xml,
+ typecast_xml_value(undasherize_keys(XmlSimple.xml_in_string(xml,
'forcearray' => false,
'forcecontent' => true,
'keeproot' => true,
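Review bot: No regression test accompanies the switch to `XmlSimple.xml_in_string` in `from_xml`; the diffstat lists only CHANGELOG and conversions.rb. A test asserting that an argument which names an existing file, and the argument `-`, are handled as markup and never yield file or stdin contents would stop a later refactor (the TODO above invites one) from reintroducing the old behaviour. The commit title and CHANGELOG entry name `Hash#to_xml`, while the method changed here is `from_xml`, which may mislead anyone checking whether their version carries the fix. The remaining arguments of the call and the rest of `from_xml` lie outside the hunk.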