
Only use valid mime type symbols as cache keys

CVE-2013-6414

Conflicts:
	actionpack/lib/action_view/lookup_context.rb
1 parent 77403a9 commit 5aeb472d990fef093a3d674bd20e4e9eb45ac962 @tenderlove tenderlove committed Dec 1, 2013
Showing with 11 additions and 0 deletions.
  1. +11 −0 actionpack/lib/action_view/lookup_context.rb
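--- a/actionpack/lib/action_view/lookup_context.rb
+++ b/actionpack/lib/action_view/lookup_context.rb
@@ -50,9 +50,20 @@ class DetailsKey #:nodoc:
 @details_keys = Hash.new
 def self.get(details)
+ if details[:formats]
+ details = details.dup
+ syms = Set.new Mime::SET.symbols
+ details[:formats] = details[:formats].select { |v|
+ syms.include? v
+ }
+ end
 @details_keys[details.freeze] ||= new
 end
+ def self.clear
+ @details_keys.clear
+ end
+
 def initialize
 @hash = object_hash
 end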
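Review bot: The filter in `DetailsKey.get` covers only `details[:formats]`, and the rest of `DetailsKey` and its callers lie outside the hunk, so it is worth confirming that no other detail value (for example `:locale`) can be driven by a request, since each distinct value would still add an entry to `@details_keys`. The guard should carry a comment stating its purpose, such as `# Keep only registered MIME symbols so unrecognised formats cannot add cache keys (CVE-2013-6414)`. `Set.new Mime::SET.symbols` is rebuilt on every call to this lookup path; a memoised set that is reset when MIME types are registered, or a direct `Mime::SET.symbols.include?(v)` if the list is small, would avoid the per-call allocation. The commit changes only this file, so no regression test pins the behaviour for an unregistered format or exercises the new `DetailsKey.clear`.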
