Skip to content

Commit

Permalink
Merge pull request #11974 from CocoaPods/use_safe_load_yaml
Browse files Browse the repository at this point in the history 
Use `safe_load` during custom YAML config loading
  • Loading branch information
@dnkoutso
dnkoutso committed Jul 3, 2023
2 parents 7234edf + 6bddd9f commit 400f290
Show file tree
Hide file tree
Showing 2 changed files with 5 additions and 2 deletions.
4 changes: 3 additions & 1 deletion CHANGELOG.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,9 @@ To install release candidates run `[sudo] gem install cocoapods --pre`

##### Bug Fixes

* None.
* Use safe_load during custom YAML config loading.
[Dimitris Koutsogiorgas](https://github.com/dnkoutso)
[#11974](https://github.com/CocoaPods/CocoaPods/pull/11974)


## 1.12.1 (2023-04-18)
Expand Down
3 changes: 2 additions & 1 deletion lib/cocoapods/config.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -111,7 +111,8 @@ def initialize(use_user_settings = true)

if use_user_settings && user_settings_file.exist?
require 'yaml'
user_settings = YAML.load_file(user_settings_file)
user_settings_contents = File.read(user_settings_file)
user_settings = YAML.safe_load(user_settings_contents)
configure_with(user_settings)
end

Expand Down

0 comments on commit 400f290

Please sign in to comment.