Use the reference for the mime type to get the format

Before we were calling to_sym in the mime type, even when it is unknown
what can cause denial of service since symbols are not removed by the
garbage collector.

Fixes: CVE-2014-0082

actionview/lib/action_view/template/html.rb

@@ -27,7 +27,7 @@ module ActionView #:nodoc:
       end
 
       def formats
-        [@type.to_sym]
+        [@type.respond_to?(:ref) ? @type.ref : @type.to_s]
       end
     end
   end

actionview/lib/action_view/template/text.rb

@@ -27,7 +27,7 @@ module ActionView #:nodoc:
       end
 
       def formats
-        [@type.to_sym]
+        [@type.respond_to?(:ref) ? @type.ref : @type.to_s]
       end
     end
   end

actionview/test/template/html_test.rb

@@ -0,0 +1,17 @@
+require 'abstract_unit'
+
+class HTMLTest < ActiveSupport::TestCase
+  test 'formats returns symbol for recognized MIME type' do
+    assert_equal [:html], ActionView::Template::HTML.new('', :html).formats
+  end
+
+  test 'formats returns string for recognized MIME type when MIME does not have symbol' do
+    foo = Mime::Type.lookup("foo")
+    assert_nil foo.to_sym
+    assert_equal ['foo'], ActionView::Template::HTML.new('', foo).formats
+  end
+
+  test 'formats returns string for unknown MIME type' do
+    assert_equal ['foo'], ActionView::Template::HTML.new('', 'foo').formats
+  end
+end

actionview/test/template/text_test.rb

@@ -0,0 +1,17 @@
+require 'abstract_unit'
+
+class TextTest < ActiveSupport::TestCase
+  test 'formats returns symbol for recognized MIME type' do
+    assert_equal [:text], ActionView::Template::Text.new('', :text).formats
+  end
+
+  test 'formats returns string for recognized MIME type when MIME does not have symbol' do
+    foo = Mime::Type.lookup("foo")
+    assert_nil foo.to_sym
+    assert_equal ['foo'], ActionView::Template::Text.new('', foo).formats
+  end
+
+  test 'formats returns string for unknown MIME type' do
+    assert_equal ['foo'], ActionView::Template::Text.new('', 'foo').formats
+  end
+end