Diffstat (limited to 'lib')
-rw-r--r-- | lib/json/common.rb | 21 | ||||
-rw-r--r-- | lib/json/pure/parser.rb | 8 | ||||
-rw-r--r-- | lib/json/version.rb | 2 |
3 files changed, 19 insertions, 12 deletions
diff --git a/lib/json/common.rb b/lib/json/common.rb
index e8e76b6..7fd2db3 100644
--- a/lib/json/common.rb
+++ b/lib/json/common.rb
@@ -293,21 +293,28 @@ module JSON
 attr_accessor :load_default_options
 end
 self.load_default_options = {
- :max_nesting => false,
- :allow_nan => true,
- :quirks_mode => true,
+ :max_nesting => false,
+ :allow_nan => true,
+ :quirks_mode => true,
+ :create_additions => true,
 }
 # Load a ruby data structure from a JSON _source_ and return it. A source can
 # either be a string-like object, an IO-like object, or an object responding
 # to the read method. If _proc_ was given, it will be called with any nested
- # Ruby object as an argument recursively in depth first order. The default
- # options for the parser can be changed via the load_default_options method.
+ # Ruby object as an argument recursively in depth first order. To modify the
+ # default options pass in the optional _options_ argument as well.
+ #
+ # BEWARE: This method is meant to serialise data from trusted user input,
+ # like from your own database server or clients under your control, it could
+ # be dangerous to allow untrusted users to pass JSON sources into it. The
+ # default options for the parser can be changed via the load_default_options
+ # method.
 #
 # This method is part of the implementation of the load/dump interface of
 # Marshal and YAML.
- def load(source, proc = nil)
- opts = load_default_options
+ def load(source, proc = nil, options = {})
+ opts = load_default_options.merge options
 if source.respond_to? :to_str
 source = source.to_str
 elsif source.respond_to? :to_io
diff --git a/lib/json/pure/parser.rb b/lib/json/pure/parser.rb
index 84eb67f..70a8edc 100644
--- a/lib/json/pure/parser.rb
+++ b/lib/json/pure/parser.rb
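Review bot: The new BEWARE comment on `load` in lib/json/common.rb warns about untrusted sources but never names the option that carries the risk, and "serialise" should read "deserialise". This hunk adds `:create_additions => true` to `load_default_options` and lets callers override it through the new `options` argument, so the comment should say how to opt out, e.g. `# Pass :create_additions => false in _options_ (or use JSON.parse) when the source is not trusted.` Separately, `load_default_options.merge options` raises if a caller passes `nil` for `options`; `merge(options || {})` would tolerate that. The body of `load` continues past the end of the hunk.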
@@ -63,9 +63,9 @@ module JSON
 # * *symbolize_names*: If set to true, returns symbols for the names
 # (keys) in a JSON object. Otherwise strings are returned, which is also
 # the default.
- # * *create_additions*: If set to false, the Parser doesn't create
- # additions even if a matchin class and create_id was found. This option
- # defaults to true.
+ # * *create_additions*: If set to true, the Parser creates
+ # additions when if a matching class and create_id was found. This
+ # option defaults to false.
 # * *object_class*: Defaults to Hash
 # * *array_class*: Defaults to Array
 # * *quirks_mode*: Enables quirks_mode for parser, that is for example
@@ -88,7 +88,7 @@ module JSON
 if opts.key?(:create_additions)
 @create_additions = !!opts[:create_additions]
 else
- @create_additions = true
+ @create_additions = false
 end
 @create_id = @create_additions ? JSON.create_id : nil
 @object_class = opts[:object_class] || Hash
diff --git a/lib/json/version.rb b/lib/json/version.rb
index c74e914..d02b58c 100644
--- a/lib/json/version.rb
+++ b/lib/json/version.rb
@@ -1,6 +1,6 @@
 module JSON
 # JSON version
- VERSION = '1.6.7'
+ VERSION = '1.6.8'
 VERSION_ARRAY = VERSION.split(/\./).map { |x| x.to_i } # :nodoc:
 VERSION_MAJOR = VERSION_ARRAY[0] # :nodoc:
 VERSION_MINOR = VERSION_ARRAY[1] # :nodoc: |
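Review bot: The rewritten `create_additions` doc entry in lib/json/pure/parser.rb (hunk at -63,9) reads "creates additions when if a matching class and create_id was found", which has a leftover word. Suggested wording for that line: `# additions when a matching class and create_id are found. This`. It would also help to add one clause on why the default is now false, presumably because additions build objects of classes named by the input, so readers enable it only for trusted sources.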
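Review bot: With the fallback now `false`, the `opts.key?(:create_additions)` branch in lib/json/pure/parser.rb (hunk at -88,7) is redundant: `@create_additions = !!opts[:create_additions]` gives the same result for a plain Hash, because a missing key yields nil. The diffstat on this page is limited to lib/, so it cannot be seen here whether the gem's extension parser receives the same default; that is worth confirming, since a mismatch would leave one backend creating additions by default. The enclosing method starts and ends outside the hunk.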