update vote.to_xml to handle serialized tracking

security fix disallowed parsing of YAML in XML

update vote.to_xml to handle serialized tracking
security fix disallowed parsing of YAML in XML
Luke Baker
1 parent 5a405e1f
Showing 1 changed file with 12 additions and 0 deletions Show diff stats
app/models/vote.rb
@@ -70,4 +70,16 @@ class Vote &lt; ActiveRecord::Base
 	     loser_choice.compute_score!
      end
   end
+
+  def to_xml(options={})
+    opts = {:except => 'tracking'}
+    options.merge!(opts)
+    super(options) do |xml|
+      xml.tracking do
+        self.tracking.each do |key, value|
+          xml.tag!(key.to_s) { value }
+        end
+      end
+    end
+  end
 end
	@@ -70,4 +70,16 @@ class Vote < ActiveRecord::Base		@@ -70,4 +70,16 @@ class Vote < ActiveRecord::Base
70	loser_choice.compute_score!	70	loser_choice.compute_score!
71	end	71	end
72	end	72	end
		73	+
		74	+ def to_xml(options={})
		75	+ opts = {:except => 'tracking'}
		76	+ options.merge!(opts)
		77	+ super(options) do \|xml\|
		78	+ xml.tracking do
		79	+ self.tracking.each do \|key, value\|
		80	+ xml.tag!(key.to_s) { value }
		81	+ end
		82	+ end
		83	+ end
		84	+ end
73	end	85	end