From e59a5b889dffdfa81c3aa154225127ce8f1334c2 Mon Sep 17 00:00:00 2001
From: Jochen Topf <jochen@topf.org>
Date: Sat, 23 Feb 2013 08:42:44 +0100
Subject: Set :create_additions => false for JSON parse, because we don't need
 it and it might lead to security problems

---
 sources/wiki/lib/mediawikiapi.rb | 2 +-
 web/lib/config.rb                | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/sources/wiki/lib/mediawikiapi.rb b/sources/wiki/lib/mediawikiapi.rb
index c924f66..7a3d652 100644
--- a/sources/wiki/lib/mediawikiapi.rb
+++ b/sources/wiki/lib/mediawikiapi.rb
@@ -61,7 +61,7 @@ module MediaWikiAPI
             params[:action] = 'query'
             params[:format] = 'json'
             result = get(params)
-            JSON.parse(result.body)
+            JSON.parse(result.body, { :create_additions => false })
         end
 
     end
diff --git a/web/lib/config.rb b/web/lib/config.rb
index c901921..6195c28 100644
--- a/web/lib/config.rb
+++ b/web/lib/config.rb
@@ -6,7 +6,7 @@ class TaginfoConfig
 
     def self.read
         open(File.expand_path(File.dirname(__FILE__)) + '/../../../taginfo-config.json') do |file|
-            @@config = JSON.parse(file.gets(nil))
+            @@config = JSON.parse(file.gets(nil), { :create_additions => false })
         end
     end
 
-- 
cgit v1.2.3