projects / catagits/Catalyst-Action-REST.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw (parent: fb9d509)
Security fix
Tomas Doran [Thu, 11 Apr 2013 19:18:40 +0000 (20:18 +0100)]
Changes patch | blob | blame | history
lib/Catalyst/Controller/REST.pm patch | blob | blame | history

diff --git a/Changes b/Changes
index 3cf2f28..0be6d66 100644 (file)
--- a/Changes
+++ b/Changes
@@ -1,3 +1,7 @@
+ Remove Storable and FreezeThaw from the list
+ of serialization methods offered by default, and
+ from the docs - they're totally unsafe :/
+
 Tue 11 Dec 2012 22:04:00 GMT - Release 1.06
  Sort list of allowed methods. RT#81825
 
diff --git a/lib/Catalyst/Controller/REST.pm b/lib/Catalyst/Controller/REST.pm
index a115b22..6e9bb8a 100644 (file)
--- a/lib/Catalyst/Controller/REST.pm
+++ b/lib/Catalyst/Controller/REST.pm
@@ -175,14 +175,6 @@ Uses the L<Data::Serializer> module to generate L<Data::Denter> output.
 
 Uses the L<Data::Serializer> module to generate L<Data::Taxi> output.
 
-=item * C<application/x-storable> => C<Data::Serializer>
-
-Uses the L<Data::Serializer> module to generate L<Storable> output.
-
-=item * C<application/x-freezethaw> => C<Data::Serializer>
-
-Uses the L<Data::Serializer> module to generate L<FreezeThaw> output.
-
 =item * C<text/x-config-general> => C<Data::Serializer>
 
 Uses the L<Data::Serializer> module to generate L<Config::General> output.
@@ -307,8 +299,6 @@ __PACKAGE__->config(
         'text/x-data-dumper' => [ 'Data::Serializer', 'Data::Dumper' ],
         'text/x-data-denter' => [ 'Data::Serializer', 'Data::Denter' ],
         'text/x-data-taxi'   => [ 'Data::Serializer', 'Data::Taxi'   ],
-        'application/x-storable'   => [ 'Data::Serializer', 'Storable' ],
-        'application/x-freezethaw' => [ 'Data::Serializer', 'FreezeThaw' ],
         'text/x-config-general'    => [ 'Data::Serializer', 'Config::General' ],
         'text/x-php-serialization' => [ 'Data::Serializer', 'PHP::Serialization' ],
     },
Catalyst-Action-REST