Merge pull request #4193 from nashby/remove-old-rexml-security-fix

remove rexml security fix for rubies 1.8

Merge pull request #4193 from nashby/remove-old-rexml-security-fix
remove rexml security fix for rubies 1.8
bec7cf2d · José Valim · 9fffef5f · 2ba1f460 · 9fffef5f · bec7cf2d
Showing with 0 addition and 48 deletion

activesupport/lib/active_support/core_ext/rexml.rb activesupport/lib/active_support/core_ext/rexml.rb +0 -46

activesupport/lib/active_support/ruby/shim.rb activesupport/lib/active_support/ruby/shim.rb +0 -2

未找到文件。
--- a/activesupport/lib/active_support/core_ext/rexml.rb
+++ b/activesupport/lib/active_support/core_ext/rexml.rb
-require 'active_support/core_ext/kernel/reporting'
-
-# Fixes the rexml vulnerability disclosed at:
-# http://www.ruby-lang.org/en/news/2008/08/23/dos-vulnerability-in-rexml/
-# This fix is identical to rexml-expansion-fix version 1.0.1.
-#
-# We still need to distribute this fix because albeit the REXML
-# in recent 1.8.7s is patched, it wasn't in early patchlevels.
-require 'rexml/rexml'
-
-# Earlier versions of rexml defined REXML::Version, newer ones REXML::VERSION
-unless (defined?(REXML::VERSION) ? REXML::VERSION : REXML::Version) > "3.1.7.2"
-  silence_warnings { require 'rexml/document' }
-
-  # REXML in 1.8.7 has the patch but early patchlevels didn't update Version from 3.1.7.2.
-  unless REXML::Document.respond_to?(:entity_expansion_limit=)
-    silence_warnings { require 'rexml/entity' }
-
-    module REXML #:nodoc:
-      class Entity < Child #:nodoc:
-        undef_method :unnormalized
-        def unnormalized
-          document.record_entity_expansion! if document
-          v = value()
-          return nil if v.nil?
-          @unnormalized = Text::unnormalize(v, parent)
-          @unnormalized
-        end
-      end
-      class Document < Element #:nodoc:
-        @@entity_expansion_limit = 10_000
-        def self.entity_expansion_limit= val
-          @@entity_expansion_limit = val
-        end
-
-        def record_entity_expansion!
-          @number_of_expansions ||= 0
-          @number_of_expansions += 1
-          if @number_of_expansions > @@entity_expansion_limit
-            raise "Number of entity expansions exceeded, processing aborted."
-          end
-        end
-      end
-    end
-  end
-end
--- a/activesupport/lib/active_support/ruby/shim.rb
+++ b/activesupport/lib/active_support/ruby/shim.rb
@@ -4,7 +4,6 @@
 # Date        next_year, next_month
 # DateTime    to_date, to_datetime, xmlschema
 # Enumerable  group_by, none?
-# REXML       security fix
 # String      ord
 # Time        to_date, to_time, to_datetime
 require 'active_support'
@@ -14,5 +13,4 @@
 require 'active_support/core_ext/string/conversions'
 require 'active_support/core_ext/string/interpolation'
 require 'active_support/core_ext/string/encoding'
-require 'active_support/core_ext/rexml'
 require 'active_support/core_ext/time/conversions'