Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

Only use valid mime type symbols as cache keys

CVE-2013-6414
commit bee3b7f9371d1e2ddcfe6eaff5dcb26c0a248068 1 parent 5f844d6
@tenderlove tenderlove authored
Showing with 7 additions and 0 deletions.
  1. +7 −0 actionpack/lib/action_view/lookup_context.rb
View
7 actionpack/lib/action_view/lookup_context.rb
@@ -62,6 +62,13 @@ class DetailsKey #:nodoc:
@details_keys = Hash.new
def self.get(details)
+ if details[:formats]
+ details = details.dup
+ syms = Set.new Mime::SET.symbols
+ details[:formats] = details[:formats].select { |v|
+ syms.include? v
+ }
+ end
@details_keys[details] ||= new
end
Please sign in to comment.
Something went wrong with that request. Please try again.