Use safe_load and safe_load_file for .rdoc_options

Author: hsbt

lib/rdoc/rdoc.rb

@@ -162,11 +162,12 @@ def load_options
     RDoc.load_yaml
 
     begin
-      options = YAML.load_file '.rdoc_options'
+      options = YAML.safe_load_file '.rdoc_options', permitted_classes: [RDoc::Options, Symbol]
     rescue Psych::SyntaxError
+      raise RDoc::Error, "#{options_file} is not a valid rdoc options file"
     end
 
-    return RDoc::Options.new if options == false # Allow empty file.
+    return RDoc::Options.new unless options # Allow empty file.
 
     raise RDoc::Error, "#{options_file} is not a valid rdoc options file" unless
       RDoc::Options === options or Hash === options

test/rdoc/test_rdoc_options.rb

@@ -145,7 +145,7 @@ def test_init_with_encoding
 
     @options.encoding = Encoding::IBM437
 
-    options = YAML.load YAML.dump @options
+    options = YAML.safe_load(YAML.dump(@options), permitted_classes: [RDoc::Options, Symbol])
 
     assert_equal Encoding::IBM437, options.encoding
   end
@@ -161,7 +161,7 @@ def test_init_with_trim_paths
 - /etc
     YAML
 
-    options = YAML.load yaml
+    options = YAML.safe_load(yaml, permitted_classes: [RDoc::Options, Symbol])
 
     assert_empty options.rdoc_include
     assert_empty options.static_path
@@ -749,7 +749,7 @@ def test_write_options
 
       assert File.exist? '.rdoc_options'
 
-      assert_equal @options, YAML.load(File.read('.rdoc_options'))
+      assert_equal @options, YAML.safe_load(File.read('.rdoc_options'), permitted_classes: [RDoc::Options, Symbol])
     end
   end