Commit 2ba1f460, authored Dec 26, 2011 by Vasiliy Ermolovich
remove rexml security fix for rubies 1.8
Parent: 9fffef5f
Showing 2 changed files with 0 additions and 48 deletions (+0 -48):
activesupport/lib/active_support/core_ext/rexml.rb (+0 -46)
activesupport/lib/active_support/ruby/shim.rb (+0 -2)
activesupport/lib/active_support/core_ext/rexml.rb (deleted, 100644 → 0, shown as of parent 9fffef5f)
require
'active_support/core_ext/kernel/reporting'
# Fixes the rexml vulnerability disclosed at:
# http://www.ruby-lang.org/en/news/2008/08/23/dos-vulnerability-in-rexml/
# This fix is identical to rexml-expansion-fix version 1.0.1.
#
# We still need to distribute this fix because albeit the REXML
# in recent 1.8.7s is patched, it wasn't in early patchlevels.
require
'rexml/rexml'
# Earlier versions of rexml defined REXML::Version, newer ones REXML::VERSION
unless
(
defined?
(
REXML
::
VERSION
)
?
REXML
::
VERSION
:
REXML
::
Version
)
>
"3.1.7.2"
silence_warnings
{
require
'rexml/document'
}
# REXML in 1.8.7 has the patch but early patchlevels didn't update Version from 3.1.7.2.
unless
REXML
::
Document
.
respond_to?
(
:entity_expansion_limit
=
)
silence_warnings
{
require
'rexml/entity'
}
module
REXML
#:nodoc:
class
Entity
<
Child
#:nodoc:
undef_method
:unnormalized
def
unnormalized
document
.
record_entity_expansion!
if
document
v
=
value
()
return
nil
if
v
.
nil?
@unnormalized
=
Text
::
unnormalize
(
v
,
parent
)
@unnormalized
end
end
class
Document
<
Element
#:nodoc:
@@entity_expansion_limit
=
10_000
def
self
.
entity_expansion_limit
=
val
@@entity_expansion_limit
=
val
end
def
record_entity_expansion!
@number_of_expansions
||=
0
@number_of_expansions
+=
1
if
@number_of_expansions
>
@@entity_expansion_limit
raise
"Number of entity expansions exceeded, processing aborted."
end
end
end
end
end
end
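Review bot: the commit message does not say which Ruby versions are still supported, while the header comment of this deleted file states the fix was shipped because "albeit the REXML in recent 1.8.7s is patched, it wasn't in early patchlevels". Removing the file is only safe if those interpreters are no longer a target, so the commit message should name the minimum Ruby version this relies on. Without that, an application on an early 1.8.7 patchlevel silently loses the `entity_expansion_limit` guard (default 10_000) and the "Number of entity expansions exceeded, processing aborted." abort that this file added against the REXML DoS referenced in its first comment.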
activesupport/lib/active_support/ruby/shim.rb
...
...
@@ -4,7 +4,6 @@
# Date next_year, next_month
# DateTime to_date, to_datetime, xmlschema
# Enumerable group_by, none?
# REXML security fix
# String ord
# Time to_date, to_time, to_datetime
require
'active_support'
...
...
@@ -14,5 +13,4 @@
require
'active_support/core_ext/string/conversions'
require
'active_support/core_ext/string/interpolation'
require
'active_support/core_ext/string/encoding'
require
'active_support/core_ext/rexml'
require
'active_support/core_ext/time/conversions'
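Review bot: in the second hunk of shim.rb, dropping `require 'active_support/core_ext/rexml'` together with deleting the file itself means any application or gem that requires that path directly will now fail with a LoadError. Neither changed file records the removal for users, so add a CHANGELOG entry saying the REXML entity expansion fix is no longer bundled and that the interpreter's own REXML is expected to carry it.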