Only use valid mime type symbols as cache keys

CVE-2013-6414
Aaron Patterson 2013-11-30 17:02:53 -08:00
parent 46923cabe1
commit 2e3c3a87d8
1 changed files with 7 additions and 0 deletions


@ -62,6 +62,13 @@ module ActionView
@details_keys = ThreadSafe::Cache.new
def self.get(details)
if details[:formats]
details = details.dup
syms = Set.new Mime::SET.symbols
details[:formats] = details[:formats].select { |v|
syms.include? v
}
end
@details_keys[details] ||= new
end
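Review bot: Only `details[:formats]` is filtered before `details` is used as a key in `@details_keys`, so any other entry in that hash that can carry request-derived values would still add one cache entry per distinct value. This hunk does not show which other keys callers pass, so that needs checking against the call sites of `get`. The new block would also benefit from a comment stating its purpose, for example `# Keep only registered MIME symbols so unknown formats cannot add unbounded keys to @details_keys (CVE-2013-6414)`. The commit touches a single file, so no regression test comes with it; a test asserting that two calls with different unregistered format symbols return the same key object would pin the behaviour. As a smaller point, `Set.new Mime::SET.symbols` is rebuilt on every call to `get`, which is an avoidable allocation if this path is hot.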