Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Methods that return nil should not be considered YAML #8853

Merged
merged 1 commit into from
Jan 9, 2013
Merged

Methods that return nil should not be considered YAML #8853

merged 1 commit into from
Jan 9, 2013

Conversation

zmoazeni
Copy link

@zmoazeni zmoazeni commented Jan 9, 2013

This is a direct port of @jaw6's pull request
#492. His cleanly applied to Rails
v3.1 and v3.2, and this cleanly applies to v3.0.

With yesterday's security patches
http://weblog.rubyonrails.org/2013/1/8/Rails-3-2-11-3-1-10-3-0-19-and-2-3-15-have-been-released/
there is now an issue with Rails v3.0 serving XML to any of the latest
versions of ActiveResource.

Without this, Rails v3.0 can serve XML to ActiveResource consumers that
will see Hash::DisallowedType: Disallowed type attribute: "yaml"

@carlosantoniodasilva
Copy link
Member

It should get a changelog entry, can you please add one? Thanks.

@zmoazeni
Copy link
Author

zmoazeni commented Jan 9, 2013

@carlosantoniodasilva would you want it as a note in a v3.0.20 release in the CHANGELOGs?

@carlosantoniodasilva
Copy link
Member

@zmoazeni yes, you can follow PR #8846 that was merged to 3-1, but add (unreleased) after the version. I'll change there as well. Thanks.

@zmoazeni
Copy link
Author

zmoazeni commented Jan 9, 2013

@carlosantoniodasilva Just updated the commit. I only updated the CHANGELOG of activemodel. Let me know if you need anything else!

@carlosantoniodasilva
Copy link
Member

Seems fine, I'll just ask you to elaborate the changelog a little bit more with what's actually being fixed (ie the pull request title with minor tweaks seems to describe it better I think). Wdyt?

@zmoazeni
Copy link
Author

zmoazeni commented Jan 9, 2013

Actually I changed the wrong CHANGELOG. Fixing.

@zmoazeni
Methods that return nil should not be considered YAML
477f0e7 
This is a direct port of @jaw6's pull request
rails#492. His cleanly applied to Rails
v3.1 and v3.2, and this cleanly applies to v3.0.

With yesterday's security patches
http://weblog.rubyonrails.org/2013/1/8/Rails-3-2-11-3-1-10-3-0-19-and-2-3-15-have-been-released/
there is now an issue with Rails v3.0 serving XML to any of the latest
versions of ActiveResource.

Without this, Rails v3.0 can serve XML to ActiveResource consumers that
will see `Hash::DisallowedType: Disallowed type attribute: "yaml"`
@zmoazeni
Copy link
Author

zmoazeni commented Jan 9, 2013

@carlosantoniodasilva Alrighty. Updated again.

carlosantoniodasilva added a commit that referenced this pull request Jan 9, 2013
@carlosantoniodasilva
Merge pull request #8853 from zmoazeni/3-0-xml-serialization-fix
583e5fd 
Methods that return nil should not be considered YAML
@carlosantoniodasilva carlosantoniodasilva merged commit 583e5fd into rails:3-0-stable Jan 9, 2013
@carlosantoniodasilva
Copy link
Member

Great, thank you.

@kainosnoema kainosnoema mentioned this pull request Jan 11, 2013
Merged
@saten
Copy link

saten commented Jan 13, 2013

What if I am consuming an active resource api exposed by a rails 2.3.15 application, let's say reading a model which has a serialized attribute?

This commit can be ported in lib/active_record/serializers/xml_serializer.rb to fix the problem with nil values, but I've no idea how to work around the serialized field issue.

Any ideas?

@grosser
Copy link
Contributor

grosser commented Jan 21, 2013

FYI monkey-patch:

if Rails.version == "3.0.19"
  ActiveModel::Serializers::Xml::Serializer::Attribute.class_eval do
    def compute_type_with_nil
      return if value.nil?
      compute_type_without_nil
    end
    alias_method_chain :compute_type, :nil
  end
else
  raise "remove this #{__FILE__}"
end

@zmoazeni zmoazeni deleted the 3-0-xml-serialization-fix branch June 8, 2017 03:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@zmoazeni @carlosantoniodasilva @saten @grosser