projects.mako.cc - selectricity-live/commitdiff
fix security issue live
author Benjamin Mako Hill <mako@ephesus.xvm.mit.edu>
Wed, 9 Jan 2013 16:43:27 +0000 (11:43 -0500)
committer Benjamin Mako Hill <mako@ephesus.xvm.mit.edu>
Wed, 9 Jan 2013 16:43:27 +0000 (11:43 -0500)
config/environment.rb

index 28ecf9eca9b69a83661596fc3da8790ab4524f3c..802b3b90d85257e47ee9a7c81330cccc88efe41c 100644 (file)
@@ -147,3 +147,8 @@ GeoKit::Geocoders::geocoder_ca = false
 # various geocoders.  Make sure you read up on relevant Terms of Use for each
 # geocoder you are going to use.
 GeoKit::Geocoders::provider_order = [:google,:us]
+
+# fix major security vulnerability: 
+# https://groups.google.com/forum/#!topic/rubyonrails-security/61bkgvnSGTQ/discussion
+ActionController::Base.param_parsers.delete(Mime::XML)
+
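
Review bot: The comment above `ActionController::Base.param_parsers.delete(Mime::XML)` identifies the problem only by a link, so a later reader of config/environment.rb cannot tell what is being mitigated or when the line may be removed if that URL stops resolving. Please name the issue in the comment itself and state that this is a workaround that switches off XML request-body parsing for every controller, along with the condition for dropping it (for example, once the application runs a Rails release that contains the upstream fix). Because the change is global, it is also worth confirming that no client sends XML bodies to this application, since those requests will no longer have their parameters parsed. As a style point, the block is appended after the GeoKit geocoder settings with a trailing blank line at end of file; a dedicated file under config/initializers would keep the mitigation easier to find and to remove.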
