Skip to content

Loading handler from YAML without safe => false fails! #482

davidakachaos opened this Issue Feb 22, 2013 · 4 comments

3 participants


#Called 'load' without the :safe option -- defaulting to safe mode.
#"last_error" = 'undefined method `perform'' for {"object"=>"Time", "method_name"=>":now", "args"=>[]}:Hash

When I looked at the code:
lib/delayed/backend/base.rb:85:in `block in invoke_job''

Then I noticed this line:

@payload_object ||= YAML.load(self.handler)

This cause the error....

When I changed it by hand, it works again!

dj = Delayed::Job.last
obj = YAML.load(dj.handler) #returns a hash:
#=> {"object"=>"Time", "method_name"=>":now", "args"=>[]}
obj.perform #fails!!
obj = YAML.load(dj.handler, :safe => false)
obj.perform #works!

I suspect this is a fix in the yaml gem for security reasons...


Forgot to mention, this happens with ruby-1.9.3-p385

skelz0r commented Mar 25, 2013

Do you have SafeYAML in your Gemfile.lock ?


Yes, it a dependency of tolk.

sferik commented May 31, 2013

Closed by #483.

@sferik sferik closed this May 31, 2013
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.