Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

Loading…

Regex.escape Mime.EXTENSION_LOOKUP.keys #40

Open
wants to merge 1 commit into from

1 participant

@debreczeni

Prevent all pages breaking when weird mime extensions gets into Mime.EXTENSION_LOOKUP
Fixes:

in routing_filter/filters/extension.rb:  67:in `mime_extension?'
RegexpError: unmatched close parenthesis: /\.all|text|txt|html|xhtml|js|css|ics|csv|xml|rss|atom|yaml|multipart_form|url_encoded_form|json|aspx|htmlbefore|html)|htm|html+++++++++++++++++++Result:+chosen+nickname+"wyduxxgs";+success+(from+first+page);(\?|$)/`

Will submit an issue to Rails 2.3.14 as of how these weird Mime type extensions could sneak into Mime.EXTENSION_LOOKUP

UPDATE: opened issue in rails issue tracker: rails/rails#7248

@debreczeni debreczeni referenced this pull request in rails/rails
Closed

Weird unescaped values in Mime type lookup #7248

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Commits on Aug 3, 2012
  1. @debreczeni
This page is out of date. Refresh to see the latest.
Showing with 1 addition and 1 deletion.
  1. +1 −1  lib/routing_filter/filters/extension.rb
View
2  lib/routing_filter/filters/extension.rb
@@ -64,7 +64,7 @@ def excluded?(url)
end
def mime_extension?(url)
- url =~ /\.#{Mime::EXTENSION_LOOKUP.keys.join('|')}(\?|$)/
+ url =~ /\.#{Mime::EXTENSION_LOOKUP.keys.map { |ext| Regexp.escape(ext) }.join('|')}(\?|$)/
end
end
end
Something went wrong with that request. Please try again.