2 files changed +12
-1
lines changed Original file line number Diff line number Diff line change @@ -64,12 +64,13 @@ def location=(url) headers['Location'] = url end
6464 # the character set information will also be included in the content type
6565 # information.
6666 def content_type = ( mime_type )
67- self . headers [ "Content-Type" ] =
67+ new_content_type =
6868 if mime_type =~ /charset/ || ( c = charset ) . nil?
6969 mime_type . to_s
7070 else
7171 "#{ mime_type } ; charset=#{ c } "
7272 end
73+ self . headers [ "Content-Type" ] = URI . escape ( new_content_type , "\r \n " )
7374 end
7475
7576 # Returns the response's content MIME type, or nil if content type has been set.
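Review bot: The CR/LF handling is added only inside `content_type=`, so the `location=` setter shown in this hunk's header line (`headers['Location'] = url`) and any direct `headers[...]` write still store the value as given. Unless those are filtered elsewhere, the check would be better placed where headers are serialized, so that every header gets it. Percent-encoding also lets a malformed media type such as `hello/world%0D%0AAttack: true` reach the client instead of failing; rejecting the value is stricter, e.g. `raise ArgumentError, "Content-Type contains CR or LF" if new_content_type =~ /[\r\n]/`. `URI.escape` is marked obsolete in later Ruby versions, so a plain `gsub` on `/[\r\n]/` would avoid depending on it. A one-line comment above the assignment, such as `# CR/LF in a header value would let the caller inject extra response headers`, would record why the value is filtered.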
Original file line number Diff line number Diff line change @@ -46,6 +46,11 @@ def render_default_content_types_for_respond_to
4646 format . rss { render :text => "hello world!" , :content_type => Mime ::XML }
4747 end
4848 end
49+
50+ def render_content_type_from_user_input
51+ response . content_type = params [ :hello ]
52+ render :text => "hello"
53+ end
4954
5055 def rescue_action ( e ) raise end
5156end
@@ -129,6 +134,11 @@ def test_change_for_rxml
129134 assert_equal Mime ::HTML , @response . content_type
130135 assert_equal "utf-8" , @response . charset
131136 end
137+
138+ def test_user_supplied_value
139+ get :render_content_type_from_user_input , :hello => "hello/world\r \n Attack: true"
140+ assert_equal "hello/world%0D%0AAttack: true" , @response . content_type
141+ end
132142end
133143
134144class AcceptBasedContentTypeTest < ActionController ::TestCase
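Review bot: `test_user_supplied_value` covers only a `\r\n` pair and asserts through the `content_type` reader, so it would not catch a bare `\n` or bare `\r` getting through, nor a difference between what the reader returns and what is stored in the header. Adding one case per character and asserting on the raw value, e.g. `assert_no_match(/[\r\n]/, @response.headers["Content-Type"])`, pins the property the fix is meant to guarantee. The test class that holds this method starts outside the hunk.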