Added restrictions on classes that can be parsed.

Author: ooooooo-q

lib/xmlrpc/parser.rb

@@ -114,13 +114,15 @@ def self.struct(hash)
           mod = Module
           klass.split("::").each {|const| mod = mod.const_get(const.strip)}
 
-          obj = mod.allocate
-
-          hash.delete "___class___"
-          hash.each {|key, value|
-            obj.instance_variable_set("@#{ key }", value) if key =~ /^([a-zA-Z_]\w*)$/
-          }
-          obj
+          if mod.included_modules.include? XMLRPC::Marshallable
+            obj = mod.allocate
+
+            hash.delete "___class___"
+            hash.each {|key, value|
+              obj.instance_variable_set("@#{ key }", value) if key =~ /^([a-zA-Z_]\w*)$/
+            }
+            obj
+          end
         rescue
           hash
         end

test/data/marshallable.expected

@@ -0,0 +1,3 @@
+---
+- true
+- ''

test/data/marshallable.xml

@@ -0,0 +1 @@
+<?xml version="1.0" ?><methodResponse><params><param><value><struct><member><name>___class___</name><value><string>Gem::Requirement</string></value></member></struct></value></param></params></methodResponse>

test/test_parser.rb

@@ -25,7 +25,10 @@ def setup
     @datetime_xml = File.read(datafile('datetime_iso8601.xml'))
     @datetime_expected = XMLRPC::DateTime.new(2004, 11, 5, 1, 15, 23)
 
+    @marshallable_xml, @marshallable_expected = load_data('marshallable')
+
     @fault_doc = File.read(datafile('fault.xml'))
+    @marshallable = File.read(datafile('marshallable.xml'))
   end
 
   # test parseMethodResponse --------------------------------------------------
@@ -50,6 +53,11 @@ def test_dateTime
     assert_equal(@datetime_expected, @p.parseMethodResponse(@datetime_xml)[1])
   end
 
+  def test_marshallable
+    assert_equal(@marshallable_expected, @p.parseMethodResponse(@marshallable))
+  end
+
+
   # test parseMethodCall ------------------------------------------------------
 
   def test_parseMethodCall