From 511ee7fbe16bdfba3368357101773872404818f6 Mon Sep 17 00:00:00 2001
From: Bouke van der Bijl
Date: Mon, 28 Oct 2013 13:56:11 +0100
Subject: [PATCH 1/3] Remove to_sym from condition creation

This prevents a DoS http://www.tricksonrails.com/2010/06/avoid-memory-leaks-in-ruby-rails-code-and-protect-against-denial-of-service/
---
 lib/liquid/tags/if.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/liquid/tags/if.rb b/lib/liquid/tags/if.rb
index c376f6c..1b46b2c 100644
--- a/lib/liquid/tags/if.rb
+++ b/lib/liquid/tags/if.rb
@@ -63,7 +63,7 @@ module Liquid
 raise(SyntaxError.new(options[:locale].t("errors.syntax.if"))) unless expressions.shift.to_s =~ Syntax
 new_condition = Condition.new($1, $2, $3)
- new_condition.send(operator.to_sym, condition)
+ new_condition.send(operator, condition)
 condition = new_condition
 end
From a5cd661dd9d77c620b38cd0b4593285b1ea34510 Mon Sep 17 00:00:00 2001
From: Bouke van der Bijl
Date: Mon, 28 Oct 2013 13:56:57 +0100
Subject: [PATCH 2/3] Use public_send on condition creation

This makes sure you can't call Kernel methods like `throw`
---
 lib/liquid/tags/if.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/liquid/tags/if.rb b/lib/liquid/tags/if.rb
index 1b46b2c..ce086ef 100644
--- a/lib/liquid/tags/if.rb
+++ b/lib/liquid/tags/if.rb
@@ -63,7 +63,7 @@ module Liquid
 raise(SyntaxError.new(options[:locale].t("errors.syntax.if"))) unless expressions.shift.to_s =~ Syntax
 new_condition = Condition.new($1, $2, $3)
- new_condition.send(operator, condition)
+ new_condition.public_send(operator, condition)
 condition = new_condition
 end
From 2f50a0c42273fe17347a9d792b2b0f36f4803e67 Mon Sep 17 00:00:00 2001
From: Bouke van der Bijl
Date: Mon, 28 Oct 2013 14:10:13 +0100
Subject: [PATCH 3/3] Add history message
---
 History.md | 1 +
 1 file changed, 1 insertion(+)
diff --git a/History.md b/History.md
index 35fde61..161688a 100644
--- a/History.md
+++ b/History.md
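Review bot: The DoS fix in `new_condition.send(operator, condition)` depends on `send` resolving a String method name without interning it, and nothing in this hunk or the commit message establishes that for the Ruby versions Liquid supports. On runtimes where symbols are never garbage-collected, an unknown name passed to `send` may still end up in the symbol table, so this should be confirmed rather than assumed. The series also carries no regression test, as the diffstat for this patch touches only `lib/liquid/tags/if.rb`. A test that parses an `if` tag with an unknown operator and checks that `Symbol.all_symbols.size` is unchanged would pin the behaviour. The enclosing loop starts and ends outside the hunk.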
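Review bot: `new_condition.public_send(operator, condition)` still dispatches on a name taken from the template text. Every public one-argument method of `Condition`, including those inherited from `Object`, therefore stays reachable, not only the boolean connectives. Checking the name against a fixed list before the call closes that gap and also removes the dependence on how `send` treats strings, for example `raise(SyntaxError.new(options[:locale].t("errors.syntax.if"))) unless %w(and or).include?(operator)`, assuming `and` and `or` are the only connectives `Condition` is meant to expose. `operator` is assigned outside the hunk, so confirm no earlier validation already restricts it.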
@@ -10,6 +10,7 @@
 * Fix clashing method names in enumerable drops, see #238 [Florian Weingarten, fw42]
 * Make map filter work on enumerable drops, see #233 [Florian Weingarten, fw42]
 * Improved whitespace stripping for blank blocks, related to #216 [Florian Weingarten, fw42]
+* Don't call to_sym when creating conditions and use public_send for security reasons, see #273 [Bouke van der Bijl, bouk]
 ## 2.6.0 / not yet released / branch "2.6-stable"