From 575a837de1ba4bc2d0ff41c9b5b6d10f011f4c7a Mon Sep 17 00:00:00 2001
From: Mike Perham <mperham@gmail.com>
Date: Mon, 19 May 2014 04:18:28 -0700
Subject: Whitelist legal job parameter types

---
 lib/active_job/parameters.rb | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

(limited to 'lib/active_job')

diff --git a/lib/active_job/parameters.rb b/lib/active_job/parameters.rb
index a4841abd1e..75de5bcae7 100644
--- a/lib/active_job/parameters.rb
+++ b/lib/active_job/parameters.rb
@@ -3,13 +3,17 @@ require 'active_support/core_ext/object/try'
 
 module ActiveJob
   class Parameters
+    TYPE_WHITELIST = [NilClass, Fixnum, Float, String, TrueClass, FalseClass, Hash, Array]
+
     def self.serialize(params)
-      params.collect { |param| param.try(:global_id) || param }
+      params.collect do |param|
+        raise "Unsupported parameter type: #{param.class.name}" unless param.respond_to?(:global_id) || TYPE_WHITELIST.include?(param.class)
+        param.try(:global_id) || param
+      end
     end
-    
+
     def self.deserialize(params)
       params.collect { |param| ActiveModel::GlobalLocator.locate(param) || param }
     end
   end
 end
-  
\ No newline at end of file
-- 
cgit v1.2.3