projects / arvados.git / blobdiff
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
19316: Change wb1 and sdk/cli to Oj.safe_load / strict_load.
[arvados.git] / apps / workbench / app / controllers / actions_controller.rb
diff --git a/apps/workbench/app/controllers/actions_controller.rb b/apps/workbench/app/controllers/actions_controller.rb
index df489d2eebc997c9efc8f3c55236f46021657fd4..7b8c8eafc81d31cd566c6cef81e050b5ca521c9a 100644 (file)
--- a/apps/workbench/app/controllers/actions_controller.rb
+++ b/apps/workbench/app/controllers/actions_controller.rb
@@ -167,7 +167,7 @@ class ActionsController < ApplicationController
     flash = {}
 
     # set owner_uuid to current project, provided it is writable
-    action_data = Oj.load(params['action_data'] || "{}")
+    action_data = Oj.safe_load(params['action_data'] || "{}")
     if action_data['current_project_uuid'] and
         current_project = Group.find?(action_data['current_project_uuid']) and
         current_project.writable_by.andand.include?(current_user.uuid)