
fixing response splitting problem

tenderlove committed Aug 16, 2011
1 parent bb99aa1 commit 11dafeaa7533be26441a63618be93a03869c83a9
Showing with 12 additions and 1 deletion.
  1. +2 −1 actionpack/lib/action_controller/response.rb
  2. +10 −0 actionpack/test/controller/content_type_test.rb
@@ -64,12 +64,13 @@ def location=(url) headers['Location'] = url end
# the character set information will also be included in the content type
# information.
def content_type=(mime_type)
- self.headers["Content-Type"] =
+ new_content_type =
if mime_type =~ /charset/ || (c = charset).nil?
mime_type.to_s
else
"#{mime_type}; charset=#{c}"
end
+ self.headers["Content-Type"] = URI.escape(new_content_type, "\r\n")
end
# Returns the response's content MIME type, or nil if content type has been set.
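Review bot: The new `self.headers["Content-Type"] = URI.escape(new_content_type, "\r\n")` line carries no comment saying why the escape is there, and since the accompanying test pins the percent-encoded output rather than the intent, a later cleanup could easily remove it; add `# Escape CR/LF so a caller-supplied content type cannot terminate the header and inject further headers (response splitting).` above it. `URI.escape` is marked obsolete in Ruby 1.9.2+ and emits a warning on use, so if the test expectation is ever revisited a plain `new_content_type.gsub(/[\r\n]/, "")` or raising `ArgumentError` on CR/LF would be the more durable choice. The protection is applied only inside this setter; `location=` shown in the hunk header assigns `headers['Location']` with no such treatment, and direct writes through `headers[]=` bypass it too, which suggests the sanitization belongs at the header layer rather than per setter.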
@@ -46,6 +46,11 @@ def render_default_content_types_for_respond_to
format.rss { render :text => "hello world!", :content_type => Mime::XML }
end
end
+
+ def render_content_type_from_user_input
+ response.content_type= params[:hello]
+ render :text=>"hello"
+ end
def rescue_action(e) raise end
end
@@ -129,6 +134,11 @@ def test_change_for_rxml
assert_equal Mime::HTML, @response.content_type
assert_equal "utf-8", @response.charset
end
+
+ def test_user_supplied_value
+ get :render_content_type_from_user_input, :hello=>"hello/world\r\nAttack: true"
+ assert_equal "hello/world%0D%0AAttack: true", @response.content_type
+ end
end
class AcceptBasedContentTypeTest < ActionController::TestCase
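Review bot: `test_user_supplied_value` asserts the exact percent-encoded string, which ties the test to the escaping strategy rather than to the property the fix guarantees, so it would fail if escaping were later replaced by stripping or rejection even though the header stayed safe; add `assert_no_match(/[\r\n]/, @response.headers["Content-Type"])` so the invariant is checked directly. Only the combined `\r\n` sequence is exercised; a second request whose value contains a lone `\n` would confirm each character is handled on its own. In `render_content_type_from_user_input` the setter is written `response.content_type= params[:hello]`; `response.content_type = params[:hello]` is the conventional spacing for an attribute writer.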

