lib/rdoc/rdoc.rb: Allow only RDoc::Options in .rdoc_options

Follow-up of d8fd92f62024d85271a3f1125bc6928409f912e1. Instead of using unsafe_load blindly, RDoc::Options is only supposed to be allowed.
author: Yusuke Endoh <mame@ruby-lang.org> 2021-05-17 12:50:21 +0900
committer: Yusuke Endoh <mame@ruby-lang.org> 2021-05-17 12:53:42 +0900
commit: ffdf0232efd4955a234955c8372885b850fcfe33 (patch)
tree: c13e7971b6ea8493825d233aa3158db1f4168fd2 /lib/rdoc/rdoc.rb
parent: d8fd92f62024d85271a3f1125bc6928409f912e1 (diff)
1 files changed, 3 insertions, 2 deletions
diff --git a/lib/rdoc/rdoc.rb b/lib/rdoc/rdoc.rb
index ded4db9087..680a8612f7 100644
--- a/lib/rdoc/rdoc.rb
+++ b/lib/rdoc/rdoc.rb
@@ -162,11 +162,12 @@ class RDoc::RDoc
     RDoc.load_yaml
 
     begin
-      options = YAML.unsafe_load_file '.rdoc_options'
+      options = YAML.load_file '.rdoc_options', permitted_classes: [RDoc::Options, Symbol]
     rescue Psych::SyntaxError
+      raise RDoc::Error, "#{options_file} is not a valid rdoc options file"
     end
 
-    return RDoc::Options.new if options == false # Allow empty file.
+    return RDoc::Options.new unless options # Allow empty file.
 
     raise RDoc::Error, "#{options_file} is not a valid rdoc options file" unless
       RDoc::Options === options or Hash === options
author	Yusuke Endoh <mame@ruby-lang.org>	2021-05-17 12:50:21 +0900
committer	Yusuke Endoh <mame@ruby-lang.org>	2021-05-17 12:53:42 +0900
commit	ffdf0232efd4955a234955c8372885b850fcfe33 (patch)
tree	c13e7971b6ea8493825d233aa3158db1f4168fd2 /lib/rdoc/rdoc.rb
parent	d8fd92f62024d85271a3f1125bc6928409f912e1 (diff)