Merge pull request #807 from mojombo/safeyaml-warnings

Fix SafeYAML Warnings
2013-02-19 03:01:27 -08:00 · 2013-02-19 03:01:27 -08:00 · d361a70391
parent ac8c7a0944 c7c0a9432c
commit d361a70391
4 changed files with 8 additions and 6 deletions
--- a/jekyll.gemspec
+++ b/jekyll.gemspec
@ -30,7 +30,7 @@ Gem::Specification.new do |s|
  s.add_runtime_dependency('kramdown', "~> 0.14")
  s.add_runtime_dependency('pygments.rb', "~> 0.3.2")
  s.add_runtime_dependency('commander', "~> 4.1.3")
-  s.add_runtime_dependency('safe_yaml', "~> 0.4")
+  s.add_runtime_dependency('safe_yaml', "~> 0.7")
  s.add_development_dependency('rake', "~> 10.0.3")
  s.add_development_dependency('rdoc', "~> 3.11")
--- a/lib/jekyll.rb
+++ b/lib/jekyll.rb
@ -48,6 +48,8 @@ require_all 'jekyll/converters'
 require_all 'jekyll/generators'
 require_all 'jekyll/tags'
 SafeYAML::OPTIONS[:suppress_warnings] = true
 module Jekyll
  VERSION = '0.12.0'
@ -130,7 +132,7 @@ module Jekyll
    # Get configuration from <source>/_config.yml
    config_file = File.join(source, '_config.yml')
    begin
-      config = YAML.load_file(config_file)
+      config = YAML.safe_load_file(config_file)
      raise "Invalid configuration - #{config_file}" if !config.is_a?(Hash)
      $stdout.puts "Configuration from #{config_file}"
    rescue => err
--- a/lib/jekyll/convertible.rb
+++ b/lib/jekyll/convertible.rb
@ -30,7 +30,7 @@ module Jekyll
        if self.content =~ /\A(---\s*\n.*?\n?)^(---\s*$\n?)/m
          self.content = $POSTMATCH
-          self.data = YAML.load($1)
+          self.data = YAML.safe_load($1)
        end
      rescue => e
        puts "Error reading file #{File.join(base, name)}: #{e.message}"
--- a/test/test_configuration.rb
+++ b/test/test_configuration.rb
@ -7,20 +7,20 @@ class TestConfiguration < Test::Unit::TestCase
    end
    should "fire warning with no _config.yml" do
-      mock(YAML).load_file(@path) { raise "No such file or directory - #{@path}" }
+      mock(YAML).safe_load_file(@path) { raise "No such file or directory - #{@path}" }
      mock($stderr).puts("WARNING: Could not read configuration. Using defaults (and options).")
      mock($stderr).puts("\tNo such file or directory - #{@path}")
      assert_equal Jekyll::DEFAULTS, Jekyll.configuration({})
    end
    should "load configuration as hash" do
-      mock(YAML).load_file(@path) { Hash.new }
+      mock(YAML).safe_load_file(@path) { Hash.new }
      mock($stdout).puts("Configuration from #{@path}")
      assert_equal Jekyll::DEFAULTS, Jekyll.configuration({})
    end
    should "fire warning with bad config" do
-      mock(YAML).load_file(@path) { Array.new }
+      mock(YAML).safe_load_file(@path) { Array.new }
      mock($stderr).puts("WARNING: Could not read configuration. Using defaults (and options).")
      mock($stderr).puts("\tInvalid configuration - #{@path}")
      assert_equal Jekyll::DEFAULTS, Jekyll.configuration({})