kolan
/
obsolete.ChilliProject
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Bump json gem to a safe version for CVE-2013-0269, CVE-2013-0333

This commit is contained in:
Holger Just 2013-02-12 12:49:00 +01:00
parent 0b567641bc
commit 6d3dc6e619
2 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
Gemfile
View File

@ -3,6 +3,7 @@ source :rubygems
gem "rails", "2.3.17" gem "rails", "2.3.17"
gem "json", "~> 1.7.7"
gem "coderay", "~> 1.0.0" gem "coderay", "~> 1.0.0"
gem "i18n", "~> 0.4.2" gem "i18n", "~> 0.4.2"
gem "rubytree", "~> 0.5.2", :require => 'tree' gem "rubytree", "~> 0.5.2", :require => 'tree'

4
config/initializers/10-patches.rb
View File

@ -212,3 +212,7 @@ module ActionView::Helpers::TagHelper
ActiveSupport::Multibyte.clean(html.to_s).gsub(/[\"\'><]|&(?!([a-zA-Z]+|(#\d+));)/) { |special| ERB::Util::HTML_ESCAPE[special] } ActiveSupport::Multibyte.clean(html.to_s).gsub(/[\"\'><]|&(?!([a-zA-Z]+|(#\d+));)/) { |special| ERB::Util::HTML_ESCAPE[special] }
end end
end end
# Workaround for CVE-2013-0333
# https://groups.google.com/forum/?fromgroups=#!msg/rubyonrails-security/1h2DR63ViGo/GOUVafeaF1IJ
ActiveSupport::JSON.backend = "JSONGem"