From 0c6d56365ae170b0c224d540c864e64a4b2c3fbe Mon Sep 17 00:00:00 2001
From: Parker Moore
Date: Sun, 10 Feb 2013 19:07:05 +0100
Subject: [PATCH 1/3] Upgrading to safe_yaml v0.7
---
 jekyll.gemspec | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/jekyll.gemspec b/jekyll.gemspec
index dcb2c909..87b5778e 100644
--- a/jekyll.gemspec
+++ b/jekyll.gemspec
@@ -30,7 +30,7 @@ Gem::Specification.new do |s|
 s.add_runtime_dependency('kramdown', "~> 0.14.1")
 s.add_runtime_dependency('pygments.rb', "~> 0.3.2")
 s.add_runtime_dependency('commander', "~> 4.1.3")
- s.add_runtime_dependency('safe_yaml', "~> 0.4")
+ s.add_runtime_dependency('safe_yaml', "~> 0.7")
 s.add_development_dependency('rake', "~> 10.0.3")
 s.add_development_dependency('rdoc', "~> 3.11")
From 11eb1ecae16dee459053db5ff5d8d4800e2bec02 Mon Sep 17 00:00:00 2001
From: Parker Moore
Date: Sun, 10 Feb 2013 19:07:38 +0100
Subject: [PATCH 2/3] Safe loading of files and YAML.
---
 lib/jekyll.rb | 4 +++-
 lib/jekyll/convertible.rb | 2 +-
 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/lib/jekyll.rb b/lib/jekyll.rb
index 2c1ab0e6..f58f3beb 100644
--- a/lib/jekyll.rb
+++ b/lib/jekyll.rb
@@ -48,6 +48,8 @@ require_all 'jekyll/converters'
 require_all 'jekyll/generators'
 require_all 'jekyll/tags'
+SafeYAML::OPTIONS[:suppress_warnings] = true
+
 module Jekyll
 VERSION = '0.12.0'
@@ -130,7 +132,7 @@ module Jekyll
 # Get configuration from /_config.yml
 config_file = File.join(source, '_config.yml')
 begin
- config = YAML.load_file(config_file)
+ config = YAML.safe_load_file(config_file)
 raise "Invalid configuration - #{config_file}" if !config.is_a?(Hash)
 $stdout.puts "Configuration from #{config_file}"
 rescue => err
diff --git a/lib/jekyll/convertible.rb b/lib/jekyll/convertible.rb
index e71fe1bf..952fd670 100644
--- a/lib/jekyll/convertible.rb
+++ b/lib/jekyll/convertible.rb
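Review bot: `SafeYAML::OPTIONS[:suppress_warnings] = true` in the `@@ -48,6 +48,8 @@` hunk runs at require time at file top level, so it mutates a process-wide setting for every library sharing the Ruby process, not only Jekyll. It also silences the warning that safe_yaml presumably emits when some caller still reaches a plain `YAML.load`, which is exactly the signal that would expose a call site this series missed; consider scoping it to Jekyll's own entry point or leaving warnings on outside production. Whatever is decided, the intent should be recorded next to the line, e.g. `# _config.yml and front matter are parsed through safe_yaml; this only silences its per-call warnings, it does not relax safety.` The hunk does not show a `require 'safe_yaml'`; if the gem is not loaded before this line, the constant reference raises NameError when lib/jekyll.rb is required.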
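Review bot: `config = YAML.safe_load_file(config_file)` in the `@@ -130,7 +132,7 @@` hunk changes what a `_config.yml` is allowed to contain — tags that would construct Ruby objects (and, depending on safe_yaml's defaults, non-string keys) are no longer honoured — yet nothing in the series exercises that, because the specs in patch 3 only mock `safe_load_file` and never parse a document. A fixture `_config.yml` carrying an object-constructing tag, asserting the result is rejected or reduced to plain data, would pin the security property this commit is meant to add and catch a future revert to `load_file`. On the following context line, `if !config.is_a?(Hash)` reads more idiomatically as `unless config.is_a?(Hash)`. The enclosing method starts and ends outside the hunk.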
@@ -30,7 +30,7 @@ module Jekyll
 if self.content =~ /\A(---\s*\n.*?\n?)^(---\s*$\n?)/m
 self.content = $POSTMATCH
- self.data = YAML.load($1)
+ self.data = YAML.safe_load($1)
 end
 rescue => e
 puts "Error reading file #{File.join(base, name)}: #{e.message}"
From c7c0a9432c08287d2f9f371d44fae88f039b01ef Mon Sep 17 00:00:00 2001
From: Parker Moore
Date: Sun, 10 Feb 2013 19:09:36 +0100
Subject: [PATCH 3/3] Updating tests for safe_yaml.
---
 test/test_configuration.rb | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/test/test_configuration.rb b/test/test_configuration.rb
index 76e8a812..49415de8 100644
--- a/test/test_configuration.rb
+++ b/test/test_configuration.rb
@@ -7,20 +7,20 @@ class TestConfiguration < Test::Unit::TestCase
 end
 should "fire warning with no _config.yml" do
- mock(YAML).load_file(@path) { raise "No such file or directory - #{@path}" }
+ mock(YAML).safe_load_file(@path) { raise "No such file or directory - #{@path}" }
 mock($stderr).puts("WARNING: Could not read configuration. Using defaults (and options).")
 mock($stderr).puts("\tNo such file or directory - #{@path}")
 assert_equal Jekyll::DEFAULTS, Jekyll.configuration({})
 end
 should "load configuration as hash" do
- mock(YAML).load_file(@path) { Hash.new }
+ mock(YAML).safe_load_file(@path) { Hash.new }
 mock($stdout).puts("Configuration from #{@path}")
 assert_equal Jekyll::DEFAULTS, Jekyll.configuration({})
 end
 should "fire warning with bad config" do
- mock(YAML).load_file(@path) { Array.new }
+ mock(YAML).safe_load_file(@path) { Array.new }
 mock($stderr).puts("WARNING: Could not read configuration. Using defaults (and options).")
 mock($stderr).puts("\tInvalid configuration - #{@path}")
 assert_equal Jekyll::DEFAULTS, Jekyll.configuration({})
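Review bot: `self.data = YAML.safe_load($1)` in the lib/jekyll/convertible.rb hunk is the right call for front matter, which is arbitrary user-authored YAML, but the reason is not recorded and a later maintainer could revert it; a one-line comment such as `# Front matter is user-supplied YAML: safe_load keeps it to plain data instead of constructing Ruby objects from tags.` would prevent that. The `rescue => e` below still only prints the error and continues, so a front-matter block that safe_yaml refuses leaves `self.data` at its previous value and the page is built anyway; that behaviour predates this commit, but it deserves a second look now that more documents can be refused. As a matter of style, `$1` could be `Regexp.last_match(1)`, in keeping with the English-style `$POSTMATCH` on the line above. The enclosing method starts and ends outside the hunk.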