From: Benjamin Mako Hill Date: Wed, 9 Jan 2013 16:43:27 +0000 (-0500) Subject: fix security issue X-Git-Url: https://projects.mako.cc/source/selectricity-live/commitdiff_plain/refs/heads/live fix security issue --- diff --git a/config/environment.rb b/config/environment.rb index 28ecf9e..802b3b9 100644 --- a/config/environment.rb +++ b/config/environment.rb @@ -147,3 +147,8 @@ GeoKit::Geocoders::geocoder_ca = false # various geocoders. Make sure you read up on relevant Terms of Use for each # geocoder you are going to use. GeoKit::Geocoders::provider_order = [:google,:us] + +# fix major security vulnerability: +# https://groups.google.com/forum/#!topic/rubyonrails-security/61bkgvnSGTQ/discussion +ActionController::Base.param_parsers.delete(Mime::XML) +