commit 360faad02288a6d4a6c565ec6eaeb9495d0e2389
parent 54eadcc658b93402bb6704273fb66c9c2b44f811
Author: Dan Callaghan <djc@djc.id.au>
Date: Tue, 19 Apr 2022 21:05:43 +1000
use YAML::unsafe_load on Ruby 3.1+
In Ruby 3.1, Psych changed behaviour to make the YAML::load method be an
alias for safe_load, which has a restrictive whitelist of classes which
can be instantiated by the YAML. A new method YAML::unsafe_load gives
the old behaviour, allowing any class to be instantiated.
Sup only parses YAML from trusted sources (the user's config files) so
use YAML::unsafe_load when it's available, to get the old behaviour.
Diffstat:
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/lib/sup.rb b/lib/sup.rb
@@ -143,7 +143,11 @@ module Redwood
end
## fix up malformed tag URIs created by earlier versions of sup
raw_contents.gsub!(/!supmua.org,2006-10-01\/(\S*)$/) { |m| "!<tag:supmua.org,2006-10-01/#{$1}>" }
- YAML::load raw_contents
+ if YAML.respond_to?(:unsafe_load) # Ruby 3.1+
+ YAML::unsafe_load raw_contents
+ else
+ YAML::load raw_contents
+ end
end
if o.is_a?(Array)
o.each { |x| x.after_unmarshal! if x.respond_to?(:after_unmarshal!) }