From: Benjamin Mako Hill Date: Wed, 9 Jan 2013 16:43:27 +0000 (-0500) Subject: fix security issue X-Git-Url: https://projects.mako.cc/source/selectricity-live/commitdiff_plain/7065ec58c26803b9fbc99476c09c1599996f4cc1?ds=sidebyside;hp=c5a7b7b17d7e2586a6234d1622e7babd3c0d99e0 fix security issue --- diff --git a/config/environment.rb b/config/environment.rb index 28ecf9e..802b3b9 100644 --- a/config/environment.rb +++ b/config/environment.rb @@ -147,3 +147,8 @@ GeoKit::Geocoders::geocoder_ca = false # various geocoders. Make sure you read up on relevant Terms of Use for each # geocoder you are going to use. GeoKit::Geocoders::provider_order = [:google,:us] + +# fix major security vulnerability: +# https://groups.google.com/forum/#!topic/rubyonrails-security/61bkgvnSGTQ/discussion +ActionController::Base.param_parsers.delete(Mime::XML) +
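Review bot: The comment above `ActionController::Base.param_parsers.delete(Mime::XML)` at the end of config/environment.rb identifies the problem only by a forum link, so nobody reading the file can tell what is being disabled or whether the line is meant to be permanent. Suggest saying in the comment that this removes XML request-body parameter parsing for the whole application, and whether it is a temporary workaround to be dropped after a framework upgrade. Because the deletion applies to every controller, confirm that no action relies on XML-encoded request parameters; if one does, it will silently stop receiving them. The subject "fix security issue" would be easier to find in history if it named the XML parameter parser. The hunk also adds a trailing blank line at the end of the file, which can be dropped.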