Last Updated: February 25, 2016
·
1.619K
· fr4nktic

Disable XML Parsing in a Rails 2.0.x App

#rails

Since there is no update to fix the paramater parsing vulnerability in Rails 2.0.x and you are still running a Rails 2.0.x app, XML parsing can be disabled by adding the following to the bottom of your environment.rb file.

ActionController::Base.param_parsers.delete(Mime::XML)
#rails

Written by Frank

Say Thanks
Respond

Related protips

Rails 4: How to partials & AJAX, dead easy

193.1K
27

Ruby on Rails 4 - Authentication with Facebook and OmniAuth.

100.7K
51

Open a rails form with Twitter Bootstrap modals

88.01K
19

2 Responses
Add your response

mikhailov

Completely disable is not a solution, and you can find a fix here: https://groups.google.com/forum/#!topic/rubyonrails-security/61bkgvnSGTQ/discussion

over 1 year ago ·
fr4nktic

Agreed, but there is no official patch for Rails 2.0.x. Disabling XML parsing is only a temporary solution until the entire app can be updated to a version of Rails that is still maintained.

over 1 year ago ·

Have a fresh tip? Share with Coderwall community!

Post
Post a tip
Best #Rails Authors
sebastialonso
225.2K
#rails
#CSS
#JavaScript
sergiotapia
142.8K
#rails
#Ruby
#Elixir
jamesdullaghan
91.03K
#rails
#JavaScript
#Ruby
edokun_
88.01K
#rails
#Ruby
#Python
rorykoehler
80.91K
#rails
#Postgres
#Coffeescript
Related Tags
#rails
Sponsored by
#native_company#
#native_desc#
#native_cta#
Filed Under
Ruby on Rails Development Tips
Awesome Job
See All Jobs
Post a job for only $299
Thanks to our sponsor
Sponsored by #native_company# — Learn More
#native_title# #native_desc#
#native_cta#