
github.com/diaspora/diaspora.git
author Dennis Schubert <mail@dennis-schubert.de> 2016-01-26 17:18:02 +0300
committer Dennis Schubert <mail@dennis-schubert.de> 2016-01-26 17:18:02 +0300
commit ad20bb052c87622aaea6e77dae615c0e7d6ee34c
tree d63b8b11e36d43cb61f023fa70d943a23ca0b403
parent 72fe5a79c22f26e3581c1c241425a332e829d45e
Fix include_root_in_json misuse (v0.5.6.3)
since it is no longer exposed for instances, our post_presenter failed hard.
-rw-r--r-- Changelog.md 3
-rw-r--r-- app/models/post.rb 2
-rw-r--r-- app/presenters/post_presenter.rb 1
3 files changed, 5 insertions, 1 deletions
diff --git a/Changelog.md b/Changelog.md
index aa6b06af6..d6aef13cf 100644
--- a/Changelog.md
+++ b/Changelog.md
@@ -1,5 +1,8 @@
# 0.5.6.3
+Fix evil regression caused by Active Model no longer exposing
+`include_root_in_json` in instances.
+
# 0.5.6.2
* Fix [CVE-2016-0751](https://groups.google.com/forum/#!topic/rubyonrails-security/9oLY_FCzvoc) - Possible Object Leak and Denial of Service attack in Action Pack
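Review bot: The new entry under `# 0.5.6.3` is free text while the 0.5.6.2 entry right below it is a `*` bullet, and "evil regression" does not tell a reader what actually broke. Suggest a bullet in the same style that names the symptom, for example that JSON rendering through the post presenter failed once `include_root_in_json` was no longer exposed on instances, so someone reading the changelog can tell whether they were affected.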
diff --git a/app/models/post.rb b/app/models/post.rb
index e59576085..da0461b89 100644
--- a/app/models/post.rb
+++ b/app/models/post.rb
@@ -3,6 +3,8 @@
# the COPYRIGHT file.
class Post < ActiveRecord::Base
+ self.include_root_in_json = false
+
include ApplicationHelper
include Diaspora::Federated::Shareable
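Review bot: `self.include_root_in_json = false` at the top of `Post` changes serialization for every `as_json`/`to_json` call on `Post` and on any class inheriting from it, whereas the line it replaces in `PostPresenter#as_json` only touched the single instance being presented. Worth checking that no other code serializing posts relies on the root key, and adding a short comment above the assignment that says why it is set at class level.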
diff --git a/app/presenters/post_presenter.rb b/app/presenters/post_presenter.rb
index b1df1a917..7eb4581bd 100644
--- a/app/presenters/post_presenter.rb
+++ b/app/presenters/post_presenter.rb
@@ -9,7 +9,6 @@ class PostPresenter < BasePresenter
end
def as_json(_options={})
- @post.include_root_in_json = false
@post.as_json(only: directly_retrieved_attributes).merge(non_directly_retrieved_attributes)
end
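Review bot: With `@post.include_root_in_json = false` removed, `as_json` now depends on a setting that lives in `app/models/post.rb`, and nothing in this patch (3 files changed, none of them a spec) guards that link. Suggest a presenter spec asserting that the hash returned by `as_json` carries the post attributes at the top level with no root key, so a later change to the model setting fails a test rather than the presenter output.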