You should be fine just putting that in your app initializers.
On Wednesday, January 9, 2013 5:57:46 AM UTC-5, Kevin Triplett wrote: > > Or should that file go in > radiant-0.9.1/vendor/rails/railties/configs/initializers ? > > > > On Wednesday, January 9, 2013 4:53:52 AM UTC-6, Kevin Triplett wrote: >> >> Yes, I saw that, thanks. >> >> Okay, here's what I did, please tell me if this will not work. :) >> >> Added new file in radiant-0.9.1/config/initializers called rails.rb with >> this single line: >> >> ActionController::Base.param_parsers.delete(Mime::XML) >> >> Thanks for your help! :D >> >> >> On Wednesday, January 9, 2013 4:42:04 AM UTC-6, Jim Gay wrote: >>> >>> Kevin, >>> >>> See the rails security post here with details about getting around this >>> problem. >>> >>> https://groups.google.com/forum/#!topic/rubyonrails-security/61bkgvnSGTQ/discussion >>> >>> >>> >>> On Wed, Jan 9, 2013 at 5:25 AM, Kevin Triplett <[email protected]> >>> wrote: >>> > Hi Jim, >>> > >>> > What about us poor sods who are running 0.9 and unable to update >>> Radiant? :) >>> > >>> > Kevin >>> > >>> > >>> > On Wednesday, January 9, 2013 4:01:45 AM UTC-6, Jim Gay wrote: >>> >> >>> >> Radiant no longer keeps vendor/rails in the gem. It's loaded by the >>> >> Gemfile. >>> >> >>> >> I've just pushed Radiant 1.1.1 with a dependency on Rails 2.3.15 >>> >> >>> >> Thanks for reporting this! >>> >> >>> >> On Wed, Jan 9, 2013 at 4:28 AM, Toine Diepstraten >>> >> <[email protected]> wrote: >>> >> > Hi, >>> >> > >>> >> > an important security update for Rails 2.3 was released, read more >>> about >>> >> > it >>> >> > here: >>> >> > >>> >> > >>> >> > >>> http://weblog.rubyonrails.org/2013/1/8/Rails-3-2-11-3-1-10-3-0-19-and-2-3-15-have-been-released/ >>> >>> >> > >>> >> > >>> >> > As I understand Radiant uses a vendor Rails 2.3.14 version. How can >>> one >>> >> > update Radiant to use the security fixed Rails 2.3.15 version? >>> >> > >>> >> > Thanks for any suggestions. >>> >> > >>> >> > Best, >>> >> > Toine >>> >> > >>> >> >>> >> >>> >> >>> >> -- >>> >> Write intention revealing code #=> http://www.clean-ruby.com >>> >> >>> >> Jim Gay >>> >> Saturn Flyer LLC >>> >> 571-403-0338 >>> >>> >>> >>> -- >>> Write intention revealing code #=> http://www.clean-ruby.com >>> >>> Jim Gay >>> Saturn Flyer LLC >>> 571-403-0338 >>> >>
