Use the classes whitelist configured in application.rb instead of hardcoded classes...
authorGo MAEDA <maeda@farend.jp>
Thu, 25 Aug 2022 13:47:04 +0000 (13:47 +0000)
committerGo MAEDA <maeda@farend.jp>
Thu, 25 Aug 2022 13:47:04 +0000 (13:47 +0000)
Patch by Jens Krämer.

git-svn-id: https://svn.redmine.org/redmine/trunk@21777 e93f8b46-1217-0410-a6f0-8f06a7374b81

app/models/setting.rb

index aa27d9ecfa39b1e1dc7319baf76a6a6cf0d797e5..e2ff236be51d5dd19739e5d23680307e79d40efe 100644 (file)
@@ -108,7 +108,7 @@ class Setting < ActiveRecord::Base
     v = read_attribute(:value)
     # Unserialize serialized settings
     if available_settings[name]['serialized'] && v.is_a?(String)
-      v = YAML.safe_load(v, permitted_classes: [Symbol, ActiveSupport::HashWithIndifferentAccess])
+      v = YAML.safe_load(v, permitted_classes: Rails.configuration.active_record.yaml_column_permitted_classes)
       v = force_utf8_strings(v)
     end
     v = v.to_sym if available_settings[name]['format'] == 'symbol' && !v.blank?
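Review bot: The `permitted_classes:` argument on the `+` line is now read from global configuration on every call, which couples what a stored setting may deserialize into to an allowlist maintained for all serialized columns. Any class later added to `yaml_column_permitted_classes` for an unrelated model also becomes loadable from `settings.value`, so a comment above the call such as `# Shares the app-wide YAML allowlist from application.rb; keep that list minimal` would make the dependency visible to whoever edits the list. The configuring line in application.rb is not shown here; if the key were ever unset, the lookup would presumably return nil and `safe_load` would raise instead of applying a strict default. Wrapping it as `permitted_classes: Array(Rails.configuration.active_record.yaml_column_permitted_classes)` would fail closed with an empty allowlist. The enclosing method begins and ends outside this hunk.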