From e28a52e05a98c30d69b79502e674285d99ae6dda Mon Sep 17 00:00:00 2001 From: Jens Ulferts Date: Tue, 12 Feb 2013 15:24:57 +0100 Subject: [PATCH] removes explicit casting of changes to yaml Journal changes are serialized anyway. This double serialization worked fine until a security risk was identified and a fix for that was created which prevents already serialized data to be serialized again (rails 2.3.17) --- app/models/wiki_content.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/app/models/wiki_content.rb b/app/models/wiki_content.rb index ba887518ab..f9cfc2359d 100644 --- a/app/models/wiki_content.rb +++ b/app/models/wiki_content.rb @@ -21,7 +21,7 @@ class WikiContent < ActiveRecord::Base validates_length_of :comments, :maximum => 255, :allow_nil => true attr_accessor :comments - + #attr_protected :author_id before_save :comments_to_journal_notes @@ -100,7 +100,7 @@ class WikiContent < ActiveRecord::Base changes.delete("text") changes["data"] = hash[:text] changes["compression"] = hash[:compression] - update_attribute(:changes, changes.to_yaml) + update_attribute(:changes, changes) end def text