Psych 4: Psych::DisallowedClass exception when unserializing a setting value (#36226).

Patch by Go MAEDA. git-svn-id: http://svn.redmine.org/redmine/trunk@21294 e93f8b46-1217-0410-a6f0-8f06a7374b81
author: Go MAEDA <maeda@farend.jp> 2021-11-25 05:48:04 +0000
committer: Go MAEDA <maeda@farend.jp> 2021-11-25 05:48:04 +0000
commit: 5865edeba731bdb5a0e5bff17c6ec3ba08d941e7 (patch)
tree: f50da529c1f642eeea5e49d0695b6778c54b221e /app
parent: 056a622b628afcdcc8c75429720f167b2da0482e (diff)
download: redmine-5865edeba731bdb5a0e5bff17c6ec3ba08d941e7.tar.gz
redmine-5865edeba731bdb5a0e5bff17c6ec3ba08d941e7.zip
1 files changed, 2 insertions, 1 deletions
diff --git a/app/models/setting.rb b/app/models/setting.rb
index dfa054028..096833056 100644
--- a/app/models/setting.rb
+++ b/app/models/setting.rb
@@ -106,7 +106,8 @@ class Setting < ActiveRecord::Base
     v = read_attribute(:value)
     # Unserialize serialized settings
     if available_settings[name]['serialized'] && v.is_a?(String)
-      v = YAML::load(v)
+      # YAML.load works as YAML.safe_load if Psych >= 4.0 is installed
+      v = YAML.respond_to?(:unsafe_load) ? YAML.unsafe_load(v) : YAML.load(v)
       v = force_utf8_strings(v)
     end
     v = v.to_sym if available_settings[name]['format'] == 'symbol' && !v.blank?
author	Go MAEDA <maeda@farend.jp>	2021-11-25 05:48:04 +0000
committer	Go MAEDA <maeda@farend.jp>	2021-11-25 05:48:04 +0000
commit	5865edeba731bdb5a0e5bff17c6ec3ba08d941e7 (patch)
tree	f50da529c1f642eeea5e49d0695b6778c54b221e /app
parent	056a622b628afcdcc8c75429720f167b2da0482e (diff)
download	redmine-5865edeba731bdb5a0e5bff17c6ec3ba08d941e7.tar.gz redmine-5865edeba731bdb5a0e5bff17c6ec3ba08d941e7.zip