Join GitHub today
GitHub is home to over 50 million developers working together to host and review code, manage projects, and build software together.
Sign upDefault I18n.enforce_available_locales to true #13341
Merged
Conversation
We will default this option to true from now on to ensure users properly handle their list of available locales whenever necessary. This option was added as a security measure and thus Rails will follow it defaulting to secure option. Also improve the handling of I18n config options in its railtie, taking the new enforce_available_locales option into account, by setting it as the last one in the process. This ensures no other configuration will trigger a deprecation warning due to that setting.
…locales handling
The option enforce_available_locales is only available on latest versions, so require the last available one which has the option + other related fixes and should not have backward compatibility issues.
|
|
carlosantoniodasilva
added a commit
that referenced
this pull request
Dec 17, 2013
Default I18n.enforce_available_locales to true We will default this option to true from now on to ensure users properly handle their list of available locales whenever necessary. This option was added as a security measure and thus Rails will follow it defaulting to secure option. Also improve the handling of I18n config options in its railtie, taking the new enforce_available_locales option into account, by setting it as the last one in the process. This ensures no other configuration will trigger a deprecation warning due to that setting.
carlosantoniodasilva
merged commit ae196e8
into
rails:master
1 check passed
1 check passed
carlosantoniodasilva
added a commit
that referenced
this pull request
Dec 23, 2013
Default I18n.enforce_available_locales to true We will default this option to true from now on to ensure users properly handle their list of available locales whenever necessary. This option was added as a security measure and thus Rails will follow it defaulting to secure option. Also improve the handling of I18n config options in its railtie, taking the new enforce_available_locales option into account, by setting it as the last one in the process. This ensures no other configuration will trigger a deprecation warning due to that setting. Conflicts: actionview/test/abstract_unit.rb activesupport/CHANGELOG.md activesupport/activesupport.gemspec activesupport/lib/active_support/i18n_railtie.rb activesupport/test/abstract_unit.rb guides/source/upgrading_ruby_on_rails.md railties/test/application/initializers/i18n_test.rb
This comment has been minimized.
This comment has been minimized.
jordimassaguerpla
commented on c445c6d
Jan 14, 2014
|
Does this mean that if we don't apply this commit and we don't explicitely set any value to I18n.enforce_available_locales, are our applications vulnerable? thanks. |
This comment has been minimized.
This comment has been minimized.
|
@jordimassaguerpla your application is likely to be vulnerable if you allow the locale to be set by any user input, and you do not set |
This comment has been minimized.
This comment has been minimized.
jordimassaguerpla
replied
Jan 14, 2014
|
@carlosantoniodasilva : thanks a lot for the clarification. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
carlosantoniodasilva commentedDec 16, 2013
We will default this option to true from now on to ensure users properly handle their list of available locales whenever necessary. This option was added as a security measure and thus Rails will follow it defaulting to secure option.
Also improve the handling of I18n config options in its railtie, taking the new enforce_available_locales option into account, by setting it as the last one in the process. This ensures no other configuration will trigger a deprecation warning due to that setting.