authornaruse <naruse@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2013-02-12 03:05:45 +0000
committernaruse <naruse@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2013-02-12 03:05:45 +0000
commit062d2ee6f798205c3046730d0d348cfd0d0bc09d (patch)
tree8be6c2e72c796c481906978565bc116661e4fe9a /ext/json/lib
parentf1194eb9b08b7c7be39e168c1f9620e377bee472 (diff)
* ext/json: merge JSON 1.7.7.
This includes a security fix. [CVE-2013-0269] https://github.com/flori/json/commit/d0a62f3ced7560daba2ad546d83f0479a5ae2cf2 https://groups.google.com/d/topic/rubyonrails-security/4_YvCpLzL58/discussion git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@39208 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'ext/json/lib')
-rw-r--r--ext/json/lib/json/add/bigdecimal.rb7
-rw-r--r--ext/json/lib/json/common.rb25
-rw-r--r--ext/json/lib/json/generic_object.rb22
-rw-r--r--ext/json/lib/json/version.rb2
4 files changed, 46 insertions, 10 deletions
diff --git a/ext/json/lib/json/add/bigdecimal.rb b/ext/json/lib/json/add/bigdecimal.rb
index 4aafe537ab..0ef69f12e0 100644
--- a/ext/json/lib/json/add/bigdecimal.rb
+++ b/ext/json/lib/json/add/bigdecimal.rb
@@ -4,10 +4,16 @@ end
defined?(::BigDecimal) or require 'bigdecimal'
class BigDecimal
+ # Import a JSON Marshalled object.
+ #
+ # method used for JSON marshalling support.
def self.json_create(object)
BigDecimal._load object['b']
end
+ # Marshal the object to JSON.
+ #
+ # method used for JSON marshalling support.
def as_json(*)
{
JSON.create_id => self.class.name,
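Review bot: The new comment on `json_create` does not say what `object` has to contain, although the body passes `object['b']` straight to `BigDecimal._load` with no type check. When additions are enabled that value presumably comes from the parsed JSON text, so the expectation belongs in the doc. Suggested wording: `# object is the Hash handed over by the parser; object['b'] is expected to be the String written by as_json and is passed to BigDecimal._load as is`. The body of `as_json` runs past the end of this hunk, so the key it writes should be confirmed there.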
@@ -15,6 +21,7 @@ class BigDecimal
}
end
+ # return the JSON value
def to_json(*)
as_json.to_json
end
diff --git a/ext/json/lib/json/common.rb b/ext/json/lib/json/common.rb
index 3349501337..65a74a1aa4 100644
--- a/ext/json/lib/json/common.rb
+++ b/ext/json/lib/json/common.rb
@@ -139,7 +139,7 @@ module JSON
# keys:
# * *max_nesting*: The maximum depth of nesting allowed in the parsed data
# structures. Disable depth checking with :max_nesting => false. It defaults
- # to 19.
+ # to 100.
# * *allow_nan*: If set to true, allow NaN, Infinity and -Infinity in
# defiance of RFC 4627 to be parsed by the Parser. This option defaults
# to false.
@@ -199,7 +199,7 @@ module JSON
# encountered. This options defaults to false.
# * *max_nesting*: The maximum depth of nesting allowed in the data
# structures from which JSON is to be generated. Disable depth checking
- # with :max_nesting => false, it defaults to 19.
+ # with :max_nesting => false, it defaults to 100.
#
# See also the fast_generate for the fastest creation method with the least
# amount of sanity checks, and the pretty_generate method for some
@@ -299,21 +299,28 @@ module JSON
attr_accessor :load_default_options
end
self.load_default_options = {
- :max_nesting => false,
- :allow_nan => true,
- :quirks_mode => true,
+ :max_nesting => false,
+ :allow_nan => true,
+ :quirks_mode => true,
+ :create_additions => true,
}
# Load a ruby data structure from a JSON _source_ and return it. A source can
# either be a string-like object, an IO-like object, or an object responding
# to the read method. If _proc_ was given, it will be called with any nested
- # Ruby object as an argument recursively in depth first order. The default
- # options for the parser can be changed via the load_default_options method.
+ # Ruby object as an argument recursively in depth first order. To modify the
+ # default options pass in the optional _options_ argument as well.
+ #
+ # BEWARE: This method is meant to serialise data from trusted user input,
+ # like from your own database server or clients under your control, it could
+ # be dangerous to allow untrusted users to pass JSON sources into it. The
+ # default options for the parser can be changed via the load_default_options
+ # method.
#
# This method is part of the implementation of the load/dump interface of
# Marshal and YAML.
- def load(source, proc = nil)
- opts = load_default_options
+ def load(source, proc = nil, options = {})
+ opts = load_default_options.merge options
if source.respond_to? :to_str
source = source.to_str
elsif source.respond_to? :to_io
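Review bot: The `BEWARE` paragraph warns about untrusted input but never names the cause, which is that `load_default_options` now sets `:create_additions => true` explicitly, next to `:max_nesting => false` and `:allow_nan => true`; it also says "serialise" where `load` deserialises. The comment should tell callers what to do, for example `# Pass :create_additions => false (and a :max_nesting limit) in _options_ when the source is not trusted.` Separately, `load_default_options.merge options` raises a TypeError when a caller passes `nil` as the third argument; `opts = load_default_options.merge(options || {})` keeps that call working. The body of `load` continues past the end of this hunk.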
diff --git a/ext/json/lib/json/generic_object.rb b/ext/json/lib/json/generic_object.rb
index 7f3dbbd78d..8b1074c941 100644
--- a/ext/json/lib/json/generic_object.rb
+++ b/ext/json/lib/json/generic_object.rb
@@ -5,12 +5,34 @@ module JSON
class << self
alias [] new
+ def json_creatable?
+ @json_creatable
+ end
+
+ attr_writer :json_creatable
+
def json_create(data)
data = data.dup
data.delete JSON.create_id
self[data]
end
+
+ def from_hash(object)
+ case
+ when object.respond_to?(:to_hash)
+ result = new
+ object.to_hash.each do |key, value|
+ result[key] = from_hash(value)
+ end
+ result
+ when object.respond_to?(:to_ary)
+ object.to_ary.map { |a| from_hash(a) }
+ else
+ object
+ end
+ end
end
+ self.json_creatable = false
def to_hash
table
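Review bot: `json_creatable?`, `json_creatable=` and `from_hash` are added without any doc comment, and the first two appear to be the switch that decides whether this class may be built from JSON input (it is set to `false` right after the `class << self` block). Because the flag is stored on the class, turning it on affects every caller in the process, which is worth stating, e.g. `# Whether GenericObject may be instantiated via json_create; off by default, enabling it applies process-wide.` `from_hash` recurses once per nesting level with no depth bound, so a doc line saying it is meant for already-parsed, bounded data would help. The class opens before this hunk and `to_hash` runs past its end.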
diff --git a/ext/json/lib/json/version.rb b/ext/json/lib/json/version.rb
index 45af03fd40..1de3d696f2 100644
--- a/ext/json/lib/json/version.rb
+++ b/ext/json/lib/json/version.rb
@@ -1,6 +1,6 @@
module JSON
# JSON version
- VERSION = '1.7.5'
+ VERSION = '1.7.7'
VERSION_ARRAY = VERSION.split(/\./).map { |x| x.to_i } # :nodoc:
VERSION_MAJOR = VERSION_ARRAY[0] # :nodoc:
VERSION_MINOR = VERSION_ARRAY[1] # :nodoc: