Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

Only use valid mime type symbols as cache keys

CVE-2013-6414
  • Loading branch information...
commit 2e3c3a87d81e16a2fed442c1cf31360f75737a83 1 parent 46923ca
@tenderlove tenderlove authored
Showing with 7 additions and 0 deletions.
  1. +7 −0 actionview/lib/action_view/lookup_context.rb
View
7 actionview/lib/action_view/lookup_context.rb
@@ -62,6 +62,13 @@ class DetailsKey #:nodoc:
@details_keys = ThreadSafe::Cache.new
def self.get(details)
+ if details[:formats]
+ details = details.dup
+ syms = Set.new Mime::SET.symbols
+ details[:formats] = details[:formats].select { |v|
+ syms.include? v
+ }
+ end
@details_keys[details] ||= new
end
Please sign in to comment.
Something went wrong with that request. Please try again.