lib/alexandria/smart_library.rb in alexandria-book-collection-manager-0.7.1 vs lib/alexandria/smart_library.rb in alexandria-book-collection-manager-0.7.2

@@ -1,5 +1,7 @@
+# frozen_string_literal: true
+
 # Copyright (C) 2004-2006 Laurent Sansonetti
 # Copyright (C) 2011, 2014 Matijs van Zuijlen
 #
 # Alexandria is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License as
@@ -30,11 +32,11 @@
     ANY_RULE = 2
     attr_reader :name
     attr_accessor :rules, :predicate_operator_rule, :deleted_books
 
     DIR = File.join(ENV['HOME'], '.alexandria', '.smart_libraries')
-    EXT = '.yaml'.freeze
+    EXT = '.yaml'
 
     def initialize(name, rules, predicate_operator_rule)
       super()
       raise if name.nil? || rules.nil? || predicate_operator_rule.nil?
       @name = name.dup.force_encoding('UTF-8')
@@ -56,20 +58,19 @@
           Dir['*' + EXT].each do |filename|
             # Skip non-regular files.
             next unless File.stat(filename).file?
 
             text = IO.read(filename)
-            hash = YAML.load(text)
+            hash = YAML.safe_load(text, whitelist_classes = [Symbol])
             begin
               smart_library = from_hash(hash)
               a << smart_library
             rescue => e
               puts "Cannot load serialized smart library: #{e}"
               puts e.backtrace
             end
           end
         end
-
       rescue Errno::ENOENT
         # First run and no smart libraries yet? Provide some default
         # ones.
         sample_smart_libraries.each do |smart_library|
           smart_library.save