Merged r21722 from trunk to 4.2-stable (#37450).

author Go MAEDA <maeda@farend.jp>

Wed, 20 Jul 2022 04:43:09 +0000 (04:43 +0000)

committer Go MAEDA <maeda@farend.jp>

Wed, 20 Jul 2022 04:43:09 +0000 (04:43 +0000)
author Go MAEDA <maeda@farend.jp>
Wed, 20 Jul 2022 04:43:09 +0000 (04:43 +0000)
committer Go MAEDA <maeda@farend.jp>
Wed, 20 Jul 2022 04:43:09 +0000 (04:43 +0000)
diff --git a/app/models/setting.rb b/app/models/setting.rb

index 45a3827ec49ec117e36924ba4c05af9eddb4fca5..1418cf04bb0c26dd869c94978dfba0b55178f0bc 100644 (file)
--- a/app/models/setting.rb
+++ b/app/models/setting.rb
@@ -105,8 +105,7 @@ class Setting < ActiveRecord::Base
      v = read_attribute(:value)
      # Unserialize serialized settings
      if available_settings[name]['serialized'] && v.is_a?(String)
-      # YAML.load works as YAML.safe_load if Psych >= 4.0 is installed
-      v = YAML.respond_to?(:unsafe_load) ? YAML.unsafe_load(v) : YAML.load(v)
+      v = YAML.safe_load(v, permitted_classes: [ActiveSupport::HashWithIndifferentAccess])
        v = force_utf8_strings(v)
      end
      v = v.to_sym if available_settings[name]['format'] == 'symbol' && !v.blank?
author	Go MAEDA <maeda@farend.jp>
	Wed, 20 Jul 2022 04:43:09 +0000 (04:43 +0000)
committer	Go MAEDA <maeda@farend.jp>
	Wed, 20 Jul 2022 04:43:09 +0000 (04:43 +0000)