X-Git-Url: https://projects.mako.cc/source/selectricity/blobdiff_plain/15870a550ddd18192efc71c1355a238e7c7c53e8..1e7167aa6d0c20b8e7b54969577c53abe50461c5:/config/environment.rb

diff --git a/config/environment.rb b/config/environment.rb
index 28ecf9e..802b3b9 100644
--- a/config/environment.rb
+++ b/config/environment.rb
@@ -147,3 +147,8 @@ GeoKit::Geocoders::geocoder_ca = false
 # various geocoders.  Make sure you read up on relevant Terms of Use for each
 # geocoder you are going to use.
 GeoKit::Geocoders::provider_order = [:google,:us]
+
+# fix major security vulnerability: 
+# https://groups.google.com/forum/#!topic/rubyonrails-security/61bkgvnSGTQ/discussion
+ActionController::Base.param_parsers.delete(Mime::XML)
+