Commit ad20bb05 authored by Dennis Schubert's avatar Dennis Schubert

Fix include_root_in_json misuse

since it is no longer exposed for instances, our post_presenter failed
hard.
parent 72fe5a79
# 0.5.6.3
Fix evil regression caused by Active Model no longer exposing
`include_root_in_json` in instances.
# 0.5.6.2
* Fix [CVE-2016-0751](https://groups.google.com/forum/#!topic/rubyonrails-security/9oLY_FCzvoc) - Possible Object Leak and Denial of Service attack in Action Pack
......
......@@ -3,6 +3,8 @@
# the COPYRIGHT file.
class Post < ActiveRecord::Base
self.include_root_in_json = false
include ApplicationHelper
include Diaspora::Federated::Shareable
......
......@@ -9,7 +9,6 @@ class PostPresenter < BasePresenter
end
def as_json(_options={})
@post.include_root_in_json = false
@post.as_json(only: directly_retrieved_attributes).merge(non_directly_retrieved_attributes)
end
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment