Only use valid mime type symbols as cache keys
CVE-2013-6414
This commit is contained in:
parent
46923cabe1
commit
2e3c3a87d8
|
@ -62,6 +62,13 @@ module ActionView
|
|||
@details_keys = ThreadSafe::Cache.new
|
||||
|
||||
def self.get(details)
|
||||
if details[:formats]
|
||||
details = details.dup
|
||||
syms = Set.new Mime::SET.symbols
|
||||
details[:formats] = details[:formats].select { |v|
|
||||
syms.include? v
|
||||
}
|
||||
end
|
||||
@details_keys[details] ||= new
|
||||
end
|
||||
|
||||
|
|
Loading…
Reference in New Issue