Skip to content

Loading handler from YAML without safe => false fails! #482

Closed
davidakachaos opened this Issue Feb 22, 2013 · 4 comments

3 participants

@davidakachaos

Example:

Time.delay.now
#Called 'load' without the :safe option -- defaulting to safe mode.
#"last_error" = 'undefined method `perform'' for {"object"=>"Time", "method_name"=>":now", "args"=>[]}:Hash

When I looked at the code:
lib/delayed/backend/base.rb:85:in `block in invoke_job''

Then I noticed this line:

@payload_object ||= YAML.load(self.handler)

This cause the error....

When I changed it by hand, it works again!

dj = Delayed::Job.last
obj = YAML.load(dj.handler) #returns a hash:
#=> {"object"=>"Time", "method_name"=>":now", "args"=>[]}
obj.perform #fails!!
#Retry....
obj = YAML.load(dj.handler, :safe => false)
obj.perform #works!

I suspect this is a fix in the yaml gem for security reasons...

@davidakachaos

Forgot to mention, this happens with ruby-1.9.3-p385

@skelz0r
skelz0r commented Mar 25, 2013

Do you have SafeYAML in your Gemfile.lock ?

@davidakachaos

Yes, it a dependency of tolk.

@sferik
sferik commented May 31, 2013

Closed by #483.

@sferik sferik closed this May 31, 2013
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.