author | Hiroshi SHIBATA <hsbt@ruby-lang.org> | 2020-12-14 20:13:12 +0900 |
---|---|---|
committer | Hiroshi SHIBATA <hsbt@ruby-lang.org> | 2020-12-14 20:13:12 +0900 |
commit | c2a60fec2f79c05bdb865c143b6ad8eddfc6cc36 (patch) | |
tree | 5ccf2881ca3f82ecc787a676e170476fd0a2bbcd /ext/psych | |
parent | 27520a1e1e8ac1ef0607a75d654e2cff6d36e15a (diff) |
Merge Psych-3.2.1 from ruby/psych
Diffstat (limited to 'ext/psych')
-rw-r--r-- | ext/psych/lib/psych.rb | 27 | ||||
-rw-r--r-- | ext/psych/lib/psych/versions.rb | 2 | ||||
-rw-r--r-- | ext/psych/yaml/loader.c | 2 |
3 files changed, 24 insertions, 7 deletions
diff --git a/ext/psych/lib/psych.rb b/ext/psych/lib/psych.rb index b09866ad1e..c3292d9172 100644 --- a/ext/psych/lib/psych.rb +++ b/ext/psych/lib/psych.rb @@ -74,12 +74,15 @@ require 'psych/class_loader' # # ==== Reading from a string # -# Psych.load("--- a") # => 'a' -# Psych.load("---\n - a\n - b") # => ['a', 'b'] +# Psych.safe_load("--- a") # => 'a' +# Psych.safe_load("---\n - a\n - b") # => ['a', 'b'] +# # From a trusted string: +# Psych.load("--- !ruby/range\nbegin: 0\nend: 42\nexcl: false\n") # => 0..42 # # ==== Reading from a file # -# Psych.load_file("database.yml") +# Psych.safe_load_file("data.yml", permitted_classes: [Date]) +# Psych.load_file("trusted_database.yml") # # ==== Exception handling # @@ -276,8 +279,7 @@ module Psych result = parse(yaml, filename: filename) return fallback unless result - result = result.to_ruby(symbolize_names: symbolize_names, freeze: freeze) if result - result + result.to_ruby(symbolize_names: symbolize_names, freeze: freeze) end ### 
@@ -571,12 +573,27 @@ module Psych # Load the document contained in +filename+. Returns the yaml contained in # +filename+ as a Ruby object, or if the file is empty, it returns # the specified +fallback+ return value, which defaults to +false+. + # + # NOTE: This method *should not* be used to parse untrusted documents, such as + # YAML documents that are supplied via user input. Instead, please use the + # safe_load_file method. def self.load_file filename, **kwargs File.open(filename, 'r:bom|utf-8') { |f| self.load f, filename: filename, **kwargs } end + ### + # Safely loads the document contained in +filename+. Returns the yaml contained in + # +filename+ as a Ruby object, or if the file is empty, it returns + # the specified +fallback+ return value, which defaults to +false+. + # See safe_load for options. + def self.safe_load_file filename, **kwargs + File.open(filename, 'r:bom|utf-8') { |f| + self.safe_load f, filename: filename, **kwargs + } + end + # :stopdoc: @domain_types = {} def self.add_domain_type domain, type_tag, &block diff --git a/ext/psych/lib/psych/versions.rb b/ext/psych/lib/psych/versions.rb index b357563da1..e458a668e2 100644 --- a/ext/psych/lib/psych/versions.rb +++ b/ext/psych/lib/psych/versions.rb @@ -2,7 +2,7 @@ # frozen_string_literal: true module Psych # The version of Psych you are using - VERSION = '3.2.0' + VERSION = '3.2.1' if RUBY_ENGINE == 'jruby' DEFAULT_SNAKEYAML_VERSION = '1.26'.freeze diff --git a/ext/psych/yaml/loader.c b/ext/psych/yaml/loader.c index bcf3aee8cb..78b87e6f6b 100644 --- a/ext/psych/yaml/loader.c +++ b/ext/psych/yaml/loader.c @@ -541,4 +541,4 @@ yaml_parser_load_mapping_end(yaml_parser_t *parser, yaml_event_t *event, (void)POP(parser, *ctx); return 1; -} +}
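Review bot: The new `safe_load_file` comment says the `fallback` for an empty file "defaults to +false+", wording that looks copied from `load_file`, yet the method forwards `**kwargs` to `safe_load` rather than `load`. `safe_load`'s signature is outside this hunk, but it appears to default `fallback` to `nil`; if that is confirmed, the line should read `# the specified +fallback+ return value, which defaults to +nil+.` so callers do not test the result against `false`. Because this is the method the added NOTE on `load_file` recommends for untrusted documents, the comment should also state the default restriction rather than only pointing to `safe_load`, for example `# Only basic types are deserialized unless +permitted_classes+, +permitted_symbols+ or +aliases+ are passed.` Those options widen what a document can instantiate, so they should be described as allowlists for trusted types only.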
\ No newline at end of file |