IntenseWebs/discourse
3
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2024-11-25 02:11:08 -06:00
Code Issues Packages Projects Releases Wiki Activity

SECURITY: Avoid the use of Object#send in Onebox::Engine::StandardEmbed

Browse Source 
Use `Object#public_send` instead which is much safer
This commit is contained in:
Alan Guo Xiang Tan 2024-05-23 09:48:54 +08:00 committed by Nat
parent 311b737c91
commit 10afe5fcf1
No known key found for this signature in database
GPG Key ID: 4938B35D927EC773
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
lib/onebox/engine/standard_embed.rb
View File

@ -161,7 +161,7 @@ module Onebox
def set_from_normalizer_data(normalizer)
normalizer.data.each do |k, _|
v = normalizer.send(k)
v = normalizer.public_send(k)
@raw[k] ||= v unless v.nil?
end
end