
Only use valid mime type symbols as cache keys

CVE-2013-6414

Conflicts:
	actionpack/lib/action_view/lookup_context.rb
1 parent 46c26e8 commit e97530f176e8c7152f96e364be974b8593f59fc5 @tenderlove tenderlove committed Dec 1, 2013
Showing with 11 additions and 0 deletions.
  1. +11 −0 actionpack/lib/action_view/lookup_context.rb
@@ -52,9 +52,20 @@ class DetailsKey #:nodoc:
@details_keys = Hash.new
def self.get(details)
+ if details[:formats]
+ details = details.dup
+ syms = Set.new Mime::SET.symbols
+ details[:formats] = details[:formats].select { |v|
+ syms.include? v
+ }
+ end
@details_keys[details.freeze] ||= new
end
+ def self.clear
+ @details_keys.clear
+ end
+
def initialize
@hash = object_hash
end
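Review bot: In `self.get` only `details[:formats]` is constrained before the hash becomes a key in `@details_keys`; every other entry of `details` still reaches the key as passed in, so it is worth confirming at the callers (outside this hunk) that no other detail can carry request-derived values, otherwise the cache can still grow by one entry per distinct value. The filter has no comment recording why it exists, and a later cleanup could drop it as redundant; above the `if` I would add `# Keep unregistered formats out of the cache key: each distinct key adds an entry to @details_keys (CVE-2013-6414).` `Set.new Mime::SET.symbols` is rebuilt on every call, which is an allocation on what looks like a per-lookup path. The commit touches only this one file, so a regression test asserting that `get` returns the same key with and without an unregistered format would pin the fix; the new `self.clear` looks intended for that kind of test setup, and a one-line comment saying so would help since the class is `#:nodoc:` and its body starts before this hunk.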
