Rails security flaw (11 Jan 13)
Some of my apps are Rails 2, some 3, and some 4 beta.
For the Rails 2 apps, I put a Ruby file in config/initializers/ containing this line:
ActionController::Base.param_parsers.delete(Mime::XML)
and this line:
ActionDispatch::ParamsParser::DEFAULT_PARSERS.delete(Mime::XML)
for the Rails 3 and 4 beta apps.
See:
https://github.com/pdxrod/.../spec/rockonruby/config/initializers/rpgsecurityfix.rb
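The two lines above can be combined into a single initializer that works in all three app generations and refuses to boot if the XML parser is still registered afterwards. This is an added example, not the code from the linked file; the method name disable_xml_param_parsing is hypothetical, and it assumes the parser tables are the plain hashes the two lines above already treat them as.

```ruby
# Added example: one initializer usable in Rails 2, 3 and 4 beta apps.
# Returns the names of the parser tables that the XML parser was removed from.
def disable_xml_param_parsing
  # Outside a Rails process (no Mime::XML constant) there is nothing to do.
  return [] unless defined?(Mime::XML)

  tables = {}
  # Rails 3 / 4 beta: default parser table of the ParamsParser middleware.
  if defined?(ActionDispatch::ParamsParser::DEFAULT_PARSERS)
    tables["ActionDispatch::ParamsParser::DEFAULT_PARSERS"] =
      ActionDispatch::ParamsParser::DEFAULT_PARSERS
  end
  # Rails 2: parser table held on the controller base class.
  if defined?(ActionController::Base) &&
     ActionController::Base.respond_to?(:param_parsers)
    tables["ActionController::Base.param_parsers"] =
      ActionController::Base.param_parsers
  end

  changed = []
  tables.each do |name, parsers|
    # Hash#delete returns nil when the key was not present.
    changed << name unless parsers.delete(Mime::XML).nil?
    # Fail at boot rather than run with XML parameter parsing still enabled.
    raise "XML parameter parser still registered in #{name}" if parsers.key?(Mime::XML)
  end
  changed
end

removed = disable_xml_param_parsing
warn "XML parameter parsing removed from: #{removed.join(', ')}" unless removed.empty?
```

Placed in config/initializers/, it logs which table was changed at boot; a second call returns an empty list because the parser is already gone.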