Methods that return nil should not be considered YAML #8853

Merged
merged 1 commit into from Jan 9, 2013

Conversation

Projects
None yet
4 participants

zmoazeni commented Jan 9, 2013

This is a direct port of @jaw6's pull request
#492. His cleanly applied to Rails
v3.1 and v3.2, and this cleanly applies to v3.0.

With yesterday's security patches
http://weblog.rubyonrails.org/2013/1/8/Rails-3-2-11-3-1-10-3-0-19-and-2-3-15-have-been-released/
there is now an issue with Rails v3.0 serving XML to any of the latest
versions of ActiveResource.

Without this, Rails v3.0 can serve XML to ActiveResource consumers that
will see Hash::DisallowedType: Disallowed type attribute: "yaml"

It should get a changelog entry, can you please add one? Thanks.

zmoazeni commented Jan 9, 2013

@carlosantoniodasilva would you want it as a note in a v3.0.20 release in the CHANGELOGs?

@zmoazeni yes, you can follow PR #8846 that was merged to 3-1, but add (unreleased) after the version. I'll change there as well. Thanks.

zmoazeni commented Jan 9, 2013

@carlosantoniodasilva Just updated the commit. I only updated the CHANGELOG of activemodel. Let me know if you need anything else!

Seems fine, I'll just ask you to elaborate the changelog a little bit more with what's actually being fixed (ie the pull request title with minor tweaks seems to describe it better I think). Wdyt?

zmoazeni commented Jan 9, 2013

Actually I changed the wrong CHANGELOG. Fixing.

@zmoazeni zmoazeni Methods that return nil should not be considered YAML
This is a direct port of @jaw6's pull request
#492. His cleanly applied to Rails
v3.1 and v3.2, and this cleanly applies to v3.0.

With yesterday's security patches
http://weblog.rubyonrails.org/2013/1/8/Rails-3-2-11-3-1-10-3-0-19-and-2-3-15-have-been-released/
there is now an issue with Rails v3.0 serving XML to any of the latest
versions of ActiveResource.

Without this, Rails v3.0 can serve XML to ActiveResource consumers that
will see `Hash::DisallowedType: Disallowed type attribute: "yaml"`
477f0e7

zmoazeni commented Jan 9, 2013

@carlosantoniodasilva Alrighty. Updated again.

@carlosantoniodasilva carlosantoniodasilva added a commit that referenced this pull request Jan 9, 2013

@carlosantoniodasilva carlosantoniodasilva Merge pull request #8853 from zmoazeni/3-0-xml-serialization-fix
Methods that return nil should not be considered YAML
583e5fd

@carlosantoniodasilva carlosantoniodasilva merged commit 583e5fd into rails:3-0-stable Jan 9, 2013

Great, thank you.

saten commented Jan 13, 2013

What if I am consuming an active resource api exposed by a rails 2.3.15 application, let's say reading a model which has a serialized attribute?

This commit can be ported in lib/active_record/serializers/xml_serializer.rb to fix the problem with nil values, but I've no idea how to work around the serialized field issue.

Any ideas?

Contributor

grosser commented Jan 21, 2013

FYI monkey-patch:

if Rails.version == "3.0.19"
  ActiveModel::Serializers::Xml::Serializer::Attribute.class_eval do
    def compute_type_with_nil
      return if value.nil?
      compute_type_without_nil
    end
    alias_method_chain :compute_type, :nil
  end
else
  raise "remove this #{__FILE__}"
end

zmoazeni deleted the zmoazeni:3-0-xml-serialization-fix branch Jun 8, 2017

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment