Commit 56c16891903a905d1490786cd41615b9abe7fc4d
1 parent
5a405e1f
Exists in
master
and in
1 other branch
update vote.to_xml to handle serialized tracking
security fix disallowed parsing of YAML in XML
Showing
1 changed file
with
12 additions
and
0 deletions
Show diff stats
app/models/vote.rb
@@ -70,4 +70,16 @@ class Vote < ActiveRecord::Base | @@ -70,4 +70,16 @@ class Vote < ActiveRecord::Base | ||
70 | loser_choice.compute_score! | 70 | loser_choice.compute_score! |
71 | end | 71 | end |
72 | end | 72 | end |
73 | + | ||
74 | + def to_xml(options={}) | ||
75 | + opts = {:except => 'tracking'} | ||
76 | + options.merge!(opts) | ||
77 | + super(options) do |xml| | ||
78 | + xml.tracking do | ||
79 | + self.tracking.each do |key, value| | ||
80 | + xml.tag!(key.to_s) { value } | ||
81 | + end | ||
82 | + end | ||
83 | + end | ||
84 | + end | ||
73 | end | 85 | end |