fixing response splitting problem

commit 11dafeaa7533be26441a63618be93a03869c83a9 1 parent bb99aa1
@tenderlove tenderlove authored
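--- a/actionpack/lib/action_controller/response.rb
+++ b/actionpack/lib/action_controller/response.rb
@@ -64,12 +64,13 @@ def location=(url) headers['Location'] = url end
 # the character set information will also be included in the content type
 # information.
 def content_type=(mime_type)
-self.headers["Content-Type"] =
+new_content_type =
 if mime_type =~ /charset/ || (c = charset).nil?
 mime_type.to_s
 else
 "#{mime_type}; charset=#{c}"
 end
+self.headers["Content-Type"] = URI.escape(new_content_type, "\r\n")
 end
 # Returns the response's content MIME type, or nil if content type has been set.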
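Review bot: The CR/LF escaping added at `self.headers["Content-Type"] = URI.escape(new_content_type, "\r\n")` protects only this setter, while `location=` (visible in the hunk's function context as `headers['Location'] = url`) still writes its argument into the `Location` header untouched; redirect targets are the most common response-splitting sink, so if that URL can come from request parameters the same treatment belongs there, e.g. `headers['Location'] = URI.escape(url.to_s, "\r\n")`, or better a private helper that every header write goes through. Silently percent-encoding also means a tampered value is emitted as a bogus content type such as `hello/world%0D%0A...` rather than rejected; if callers would rather fail loudly, raising `ArgumentError` when the value matches `/[\r\n]/` is the alternative, so confirm which behaviour the callers expect. Note that `URI.escape` was later deprecated and removed in Ruby 3.0, so this call will need a small local replacement if the code is ever ported forward.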
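--- a/actionpack/test/controller/content_type_test.rb
+++ b/actionpack/test/controller/content_type_test.rb
@@ -46,6 +46,11 @@ def render_default_content_types_for_respond_to
 format.rss { render :text => "hello world!", :content_type => Mime::XML }
 end
 end
+
+def render_content_type_from_user_input
+response.content_type= params[:hello]
+render :text=>"hello"
+end
 def rescue_action(e) raise end
 end
@@ -129,6 +134,11 @@ def test_change_for_rxml
 assert_equal Mime::HTML, @response.content_type
 assert_equal "utf-8", @response.charset
 end
+
+def test_user_supplied_value
+get :render_content_type_from_user_input, :hello=>"hello/world\r\nAttack: true"
+assert_equal "hello/world%0D%0AAttack: true", @response.content_type
+end
 end
 class AcceptBasedContentTypeTest < ActionController::TestCase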
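Review bot: `test_user_supplied_value` only checks that the escaped string lands in `@response.content_type`; it never asserts the property the commit is meant to guarantee, that no second header was injected, so adding `assert_nil @response.headers["Attack"]` after the existing `assert_equal` would pin the splitting case directly. A bare `\n` is enough to split a header on many servers, so a second request with `:hello=>"hello/world\nAttack: true"` expecting `"hello/world%0AAttack: true"` would cover the other form the escape set handles. Minor style point in the first hunk: `response.content_type= params[:hello]` reads better as `response.content_type = params[:hello]`. The test class enclosing the new test starts outside the hunk.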