Set :create_additions => false for JSON parse, because we don't need it and it might lead to security problems

author: Jochen Topf <jochen@topf.org> 2013-02-23 08:42:44 +0100
committer: Jochen Topf <jochen@topf.org> 2013-02-23 08:42:44 +0100
commit: e59a5b889dffdfa81c3aa154225127ce8f1334c2 (patch)
tree: 55836d4d254b10227e41d6f36d02a9ea9a5b670a
parent: f70e889fdb7afadd09af545df233c17ad151acee (diff)
download: taginfo-e59a5b889dffdfa81c3aa154225127ce8f1334c2.tar
taginfo-e59a5b889dffdfa81c3aa154225127ce8f1334c2.tar.gz
2 files changed, 2 insertions, 2 deletions
diff --git a/sources/wiki/lib/mediawikiapi.rb b/sources/wiki/lib/mediawikiapi.rb
index c924f66..7a3d652 100644
--- a/sources/wiki/lib/mediawikiapi.rb
+++ b/sources/wiki/lib/mediawikiapi.rb
@@ -61,7 +61,7 @@ module MediaWikiAPI
             params[:action] = 'query'
             params[:format] = 'json'
             result = get(params)
-            JSON.parse(result.body)
+            JSON.parse(result.body, { :create_additions => false })
         end
 
     end
diff --git a/web/lib/config.rb b/web/lib/config.rb
index c901921..6195c28 100644
--- a/web/lib/config.rb
+++ b/web/lib/config.rb
@@ -6,7 +6,7 @@ class TaginfoConfig
 
     def self.read
         open(File.expand_path(File.dirname(__FILE__)) + '/../../../taginfo-config.json') do |file|
-            @@config = JSON.parse(file.gets(nil))
+            @@config = JSON.parse(file.gets(nil), { :create_additions => false })
         end
     end
author	Jochen Topf <jochen@topf.org>	2013-02-23 08:42:44 +0100
committer	Jochen Topf <jochen@topf.org>	2013-02-23 08:42:44 +0100
commit	e59a5b889dffdfa81c3aa154225127ce8f1334c2 (patch)
tree	55836d4d254b10227e41d6f36d02a9ea9a5b670a
parent	f70e889fdb7afadd09af545df233c17ad151acee (diff)
download	taginfo-e59a5b889dffdfa81c3aa154225127ce8f1334c2.tar taginfo-e59a5b889dffdfa81c3aa154225127ce8f1334c2.tar.gz