diff options
author | Dennis Schubert <mail@dennis-schubert.de> | 2016-01-26 17:18:02 +0300 |
---|---|---|
committer | Dennis Schubert <mail@dennis-schubert.de> | 2016-01-26 17:18:02 +0300 |
commit | ad20bb052c87622aaea6e77dae615c0e7d6ee34c (patch) | |
tree | d63b8b11e36d43cb61f023fa70d943a23ca0b403 | |
parent | 72fe5a79c22f26e3581c1c241425a332e829d45e (diff) |
Fix include_root_in_json misusev0.5.6.3
since it is no longer exposed for instances, our post_presenter failed
hard.
-rw-r--r-- | Changelog.md | 3 | ||||
-rw-r--r-- | app/models/post.rb | 2 | ||||
-rw-r--r-- | app/presenters/post_presenter.rb | 1 |
3 files changed, 5 insertions, 1 deletions
diff --git a/Changelog.md b/Changelog.md index aa6b06af6..d6aef13cf 100644 --- a/Changelog.md +++ b/Changelog.md @@ -1,5 +1,8 @@ # 0.5.6.3 +Fix evil regression caused by Active Model no longer exposing +`include_root_in_json` in instances. + # 0.5.6.2 * Fix [CVE-2016-0751](https://groups.google.com/forum/#!topic/rubyonrails-security/9oLY_FCzvoc) - Possible Object Leak and Denial of Service attack in Action Pack diff --git a/app/models/post.rb b/app/models/post.rb index e59576085..da0461b89 100644 --- a/app/models/post.rb +++ b/app/models/post.rb @@ -3,6 +3,8 @@ # the COPYRIGHT file. class Post < ActiveRecord::Base + self.include_root_in_json = false + include ApplicationHelper include Diaspora::Federated::Shareable diff --git a/app/presenters/post_presenter.rb b/app/presenters/post_presenter.rb index b1df1a917..7eb4581bd 100644 --- a/app/presenters/post_presenter.rb +++ b/app/presenters/post_presenter.rb @@ -9,7 +9,6 @@ class PostPresenter < BasePresenter end def as_json(_options={}) - @post.include_root_in_json = false @post.as_json(only: directly_retrieved_attributes).merge(non_directly_retrieved_attributes) end |