diff options
| author | Florian Frank <flori@ping.de> | 2013-02-04 23:28:30 +0100 |
|---|---|---|
| committer | Florian Frank <flori@ping.de> | 2013-02-10 18:21:37 +0100 |
| commit | 79fa7f352bae842017c885101a556875600fb468 (patch) | |
| tree | cec7e7246b943f3a9eff92a1a54ff8e7088035c5 /lib/json/common.rb | |
| parent | 3dab4c5a6a97fac03dacf19446b9ff2a6b397591 (diff) | |
| download | json-fix-additions-problem-v1.5.5.tar.gz | |
Security fix create_additons problem 1.5.5v1.5.5fix-additions-problem-v1.5.5
Diffstat (limited to 'lib/json/common.rb')
| -rw-r--r-- | lib/json/common.rb | 17 |
1 files changed, 12 insertions, 5 deletions
diff --git a/lib/json/common.rb b/lib/json/common.rb index 43e249c..9ad1fab 100644 --- a/lib/json/common.rb +++ b/lib/json/common.rb @@ -141,7 +141,7 @@ module JSON # the default. # * *create_additions*: If set to false, the Parser doesn't create # additions even if a matching class and create_id was found. This option - # defaults to true. + # defaults to false. # * *object_class*: Defaults to Hash # * *array_class*: Defaults to Array def parse(source, opts = {}) @@ -162,7 +162,7 @@ module JSON # to true. # * *create_additions*: If set to false, the Parser doesn't create # additions even if a matching class and create_id was found. This option - # defaults to true. + # defaults to false. def parse!(source, opts = {}) opts = { :max_nesting => false, @@ -287,11 +287,18 @@ module JSON # Load a ruby data structure from a JSON _source_ and return it. A source can # either be a string-like object, an IO-like object, or an object responding # to the read method. If _proc_ was given, it will be called with any nested - # Ruby object as an argument recursively in depth first order. + # Ruby object as an argument recursively in depth first order. To modify the + # default options pass in the optional _options_ argument as well. # # This method is part of the implementation of the load/dump interface of # Marshal and YAML. - def load(source, proc = nil) + def load(source, proc = nil, options = {}) + load_default_options = { + :max_nesting => false, + :allow_nan => true, + :create_additions => false + } + opts = load_default_options.merge options if source.respond_to? :to_str source = source.to_str elsif source.respond_to? :to_io @@ -299,7 +306,7 @@ module JSON else source = source.read end - result = parse(source, :max_nesting => false, :allow_nan => true) + result = parse(source, opts) recurse_proc(result, &proc) if proc result end |