fix security issue

[selectricity-live] / config / environment.rb

diff --git a/config/environment.rb b/config/environment.rb
index 32d313b2ed47ea9e358256050c62d6f38f1519cd..802b3b90d85257e47ee9a7c81330cccc88efe41c 100644 (file)
--- a/config/environment.rb
+++ b/config/environment.rb
@@ -5,7 +5,7 @@
 # ENV['RAILS_ENV'] ||= 'production'
 
 # Specifies gem version of Rails to use when vendor/rails is not present
-RAILS_GEM_VERSION = '1.2.3' unless defined? RAILS_GEM_VERSION
+RAILS_GEM_VERSION = '2.2.2' unless defined? RAILS_GEM_VERSION
 
 # Bootstrap the Rails environment, frameworks, and default configuration
 require File.join(File.dirname(__FILE__), 'boot')
@@ -62,7 +62,6 @@ end
 MAIL_CONFIG = { :from => 'Selectricity <team@selectricity.org>'} 
 
 require 'uniq_token'
-require 'randarray'
 require 'gruff-0.2.8/lib/gruff'
 require 'sparklines'
 require 'rubyvote'
@@ -148,3 +147,8 @@ GeoKit::Geocoders::geocoder_ca = false
 # various geocoders.  Make sure you read up on relevant Terms of Use for each
 # geocoder you are going to use.
 GeoKit::Geocoders::provider_order = [:google,:us]
+
+# fix major security vulnerability: 
+# https://groups.google.com/forum/#!topic/rubyonrails-security/61bkgvnSGTQ/discussion
+ActionController::Base.param_parsers.delete(Mime::XML)
+