fix security issue

[selectricity-live] / config / environment.rb

diff --git a/config/environment.rb b/config/environment.rb
index ccd9ad0990874b6b4bb92d6260caa52a891b9982..802b3b90d85257e47ee9a7c81330cccc88efe41c 100644 (file)
--- a/config/environment.rb
+++ b/config/environment.rb
@@ -5,7 +5,7 @@
 # ENV['RAILS_ENV'] ||= 'production'
 
 # Specifies gem version of Rails to use when vendor/rails is not present
-RAILS_GEM_VERSION = '1.2.3' unless defined? RAILS_GEM_VERSION
+RAILS_GEM_VERSION = '2.2.2' unless defined? RAILS_GEM_VERSION
 
 # Bootstrap the Rails environment, frameworks, and default configuration
 require File.join(File.dirname(__FILE__), 'boot')
@@ -59,10 +59,9 @@ end
 
 # Include your application configuration below
 
-MAIL_CONFIG = { :from => 'Selectricity <info@selectricity.media.mit.edu>'} 
+MAIL_CONFIG = { :from => 'Selectricity <team@selectricity.org>'} 
 
 require 'uniq_token'
-require 'randarray'
 require 'gruff-0.2.8/lib/gruff'
 require 'sparklines'
 require 'rubyvote'
@@ -148,3 +147,8 @@ GeoKit::Geocoders::geocoder_ca = false
 # various geocoders.  Make sure you read up on relevant Terms of Use for each
 # geocoder you are going to use.
 GeoKit::Geocoders::provider_order = [:google,:us]
+
+# fix major security vulnerability: 
+# https://groups.google.com/forum/#!topic/rubyonrails-security/61bkgvnSGTQ/discussion
+ActionController::Base.param_parsers.delete(Mime::XML)
+