Before, we were calling to_sym in the mime type, even when it is unknown, which can cause denial of service since symbols are not removed by the garbage collector. Fixes: CVE-2014-0082
The previous implementation of this functionality could be accidentally subverted by instantiating a raw Rack::Request before the first Rails::Request was constructed. Fixes CVE-2013-6417 Conflicts: actionpack/lib/action_dispatch/http/request.rb
i18n doesn't depend on active support which means it can't use our html_safe code to do its escaping when generating the spans. Rather than try to sanitize the output from i18n, just revert to our old behaviour of rescuing the error and constructing the tag ourselves. Fixes: CVE-2013-4491 Conflicts: actionpack/lib/action_view/helpers/translation_helper.rb Backport: 50afd8e
Fixes CVE-2013-6415 Previously the values were trusted blindly allowing for potential XSS attacks.
CVE-2013-6414 Conflicts: actionpack/lib/action_view/lookup_context.rb
…* dealing with empty hashes. Thanks Damien Mathieu Conflicts: actionpack/CHANGELOG.md activerecord/CHANGELOG.md
This avoids "SECURITY WARNING: No secret option provided to Rack::Session::Cookie."
Thanks to Marek Labos & Nethemba CVE-2012-3465
* 3-1-stable-sec: Strip [nil] from parameters hash. Thanks to Ben Murphy for reporting this! predicate builder should not recurse for determining where columns. Thanks to Ben Murphy for reporting this
Thanks to Ben Murphy for reporting this! CVE-2012-2660
Support data: url scheme
This commit improves the handling of default_url_options in integration tests by making it behave closer to how a real application operates. Specifically the following issues have been addressed: * Options specified in routes.rb are used (fixes #546) * Options specified in controllers are used * Request parameters are recalled correctly * Tests can override default_url_options directly
A callable object passed as a constraint for a route may access the request parameters as part of its check. This causes the combined parameters hash to be cached in the environment hash. If the constraint fails then any subsequent access of the request parameters will be against that stale hash. To fix this we delete the cache after every call to `matches?`. This may have a negative performance impact if the constraint wraps a large number of routes as the parameters hash is built by merging GET, POST and path parameters. Fixes #2510. (cherry picked from commit 5603050)
…angerous especially with Rack::Cache), it should only be loaded when the flash method is called
(cherry picked from commit d6bbd33)