Support for Psych version 4 #1335

niciliketo · 2021-08-07T10:38:16Z

I think Psych 4 uses safe_load by default

This seems to cause a problem when retrieving previous versions with papertrail
Check the following boxes:

This is not a usage question, this is a bug report
This bug can be reproduced with the script I provide below
This bug can be reproduced in the latest release of the paper_trail gem

Due to limited volunteers, we cannot answer usage questions. Please ask such
questions on StackOverflow.

Bug reports must use the following template:

# frozen_string_literal: true

# Use this template to report PaperTrail bugs.
# Please include only the minimum code necessary to reproduce your issue.
require "bundler/inline"

# STEP ONE: What versions are you using?
gemfile(true) do
  ruby "2.7.4"
  source "https://rubygems.org"
  gem "activerecord", "6.1.0"
  gem "minitest", "5.11.3"
  #gem "psych", ">=3", "<4"
  gem "psych", ">=4"
  gem "paper_trail", ">=12", require: false
  gem "sqlite3",  "1.4.2"
end

require "active_record"
require "minitest/autorun"
require "logger"

# Please use sqlite for your bug reports, if possible.
ActiveRecord::Base.establish_connection(adapter: "sqlite3", database: ":memory:")
ActiveRecord::Base.logger = nil
ActiveRecord::Schema.define do
  # STEP TWO: Define your tables here.
  create_table :users, force: true do |t|
    t.text :first_name, null: false
    t.timestamps null: false
  end

  create_table :versions do |t|
    t.string :item_type, null: false
    t.integer :item_id, null: false
    t.string :event, null: false
    t.string :whodunnit
    t.text :object, limit: 1_073_741_823
    t.text :object_changes, limit: 1_073_741_823
    t.datetime :created_at
  end
  add_index :versions, %i[item_type item_id]
end
ActiveRecord::Base.logger = Logger.new(STDOUT)
require "paper_trail"

# STEP FOUR: Define your AR models here.
class User < ActiveRecord::Base
  has_paper_trail
end

# STEP FIVE: Please write a test that demonstrates your issue.
class BugTest < ActiveSupport::TestCase
  def test_1
    assert_nothing_raised {
      u = User.create(first_name: "Jane")
      u.first_name = "John"
      u.save
      u.paper_trail.previous_version
    }
  end
end


# STEP SIX: Run this script using `ruby my_bug_report.rb`

The text was updated successfully, but these errors were encountered:

gurgelrenan · 2021-08-20T00:54:08Z

Hi @niciliketo, thanks for share the issue. I could reproduce and seems like could be an easy fix.

In lib/paper_trail/serializers/yaml.rb:12 if we replace

::YAML.load string

by

::YAML.respond_to?(:unsafe_load) ? ::YAML.unsafe_load(string) : ::YAML.load(string)

It works. I just used the same code that rails team used here: rails/rails@255b5ff

I would like to see @jaredbeck thoughts.

jaredbeck · 2021-08-20T02:17:09Z

Sounds good, thanks @gurgelrenan

Fixes paper-trail-gem#1335 Psych's `.load` method uses `.safe_load` by default which is not compatible with papertail needs to load. This implements the suggested fix in the issue which is a similar fix that Rails uses throughout its codebase when it needs to load YAML content.

t27duck mentioned this issue Sep 5, 2021

Support Psych version 4 #1338

Merged

6 tasks

jaredbeck closed this as completed in #1338 Sep 15, 2021

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Support for Psych version 4 #1335

Support for Psych version 4 #1335

niciliketo commented Aug 7, 2021

gurgelrenan commented Aug 20, 2021

jaredbeck commented Aug 20, 2021

Support for Psych version 4 #1335

Support for Psych version 4 #1335

Comments

niciliketo commented Aug 7, 2021

gurgelrenan commented Aug 20, 2021

jaredbeck commented Aug 20, 2021