Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

Fix #8832 - Parse '{"person":[]}' JSON/XML as {'person' => []}. #9111

merged 1 commit into from Jan 30, 2013


None yet
6 participants

jsomara commented Jan 29, 2013

submitting @ndbroadbent 's patch for the 3.0 stable branch, as the bug introduced by the fix for CVE-2013-0155 applies to 3.0 as well

please see #8862 for details on the issue

@mhuggins mhuggins commented on the diff Jan 29, 2013

@@ -263,9 +263,12 @@ def deep_munge(hash)
hash.each do |k, v|
case v
when Array
+ if v.size > 0 && v.all?(&:nil?)
+ hash[k] = nil
+ next
+ end

mhuggins Jan 29, 2013

It looks like your code will convert this JSON:


to this Ruby hash:

{"person": nil}

Is that right?


ndbroadbent Jan 29, 2013


Yes, that's right.

After thinking about it some more, I personally think [null] is a valid query, and the problem should be solved with something like .query_present?, that returns false for "", nil, [], [nil], [""], etc.


steveklabnik commented Jan 29, 2013

3.0 stable does not receive bug fixes any more, so I cannot accept this, sorry.

@tenderlove tenderlove reopened this Jan 30, 2013

@tenderlove tenderlove added a commit that referenced this pull request Jan 30, 2013

@tenderlove tenderlove Merge pull request #9111 from jsomara/3-0-json-fix
Fix #8832 - Parse '{"person":[]}' JSON/XML as {'person' => []}.

@tenderlove tenderlove merged commit 10513d2 into rails:3-0-stable Jan 30, 2013

Isn't this line still problematic? Shouldn't this be set to an empty array?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment