kotovalexarian-likes-github/rails--rails
1
0
Fork 0
mirror of https://github.com/rails/rails.git synced 2022-11-09 12:12:34 -05:00
Code Releases Activity

Update regular expression for checking valid MIME type

Browse source 
MIME Type validation regular expression does not allow for MIME types initialized with strings that contain parameters after the MIME type name.
This commit is contained in:
Cliff Pruitt 2019-03-19 10:57:55 -04:00
parent 299573adc6
commit ab38aa4549
2 changed files with 19 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
actionpack/lib/action_dispatch/http/mime_type.rb
View file

@ -223,7 +223,10 @@ module Mime
attr_reader :hash
MIME_NAME = "[a-zA-Z0-9][a-zA-Z0-9#{Regexp.escape('!#$&-^_.+')}]{0,126}"
MIME_REGEXP = /\A(?:\*\/\*|#{MIME_NAME}\/(?:\*|#{MIME_NAME}))\z/
MIME_PARAMETER_KEY = "[a-zA-Z0-9][a-zA-Z0-9#{Regexp.escape('!#$&-^_.+')}]{0,126}"
MIME_PARAMETER_VALUE = "#{Regexp.escape('"')}?[a-zA-Z0-9][a-zA-Z0-9#{Regexp.escape('!#$&-^_.+')}]{0,126}#{Regexp.escape('"')}?"
MIME_PARAMETER = "\s*\;\s+#{MIME_PARAMETER_KEY}(?:\=#{MIME_PARAMETER_VALUE})?"
MIME_REGEXP = /\A(?:\*\/\*|#{MIME_NAME}\/(?:\*|#{MIME_NAME})(?:\s*#{MIME_PARAMETER}\s*)*)\z/
class InvalidMimeType < StandardError; end

15
actionpack/test/dispatch/mime_type_test.rb
View file

@ -181,6 +181,13 @@ class MimeTypeTest < ActiveSupport::TestCase
assert_equal "video/*", Mime::Type.new("video/*").to_s
end
test "can be initialized with parameters" do
assert_equal "text/html; parameter", Mime::Type.new("text/html; parameter").to_s
assert_equal "text/html; parameter=abc", Mime::Type.new("text/html; parameter=abc").to_s
assert_equal 'text/html; parameter="abc"', Mime::Type.new('text/html; parameter="abc"').to_s
assert_equal 'text/html; parameter=abc; parameter2="xyz"', Mime::Type.new('text/html; parameter=abc; parameter2="xyz"').to_s
end
test "invalid mime types raise error" do
assert_raises Mime::Type::InvalidMimeType do
Mime::Type.new("too/many/slash")
@ -190,6 +197,14 @@ class MimeTypeTest < ActiveSupport::TestCase
Mime::Type.new("missingslash")
end
assert_raises Mime::Type::InvalidMimeType do
Mime::Type.new("improper/semicolon;")
end
assert_raises Mime::Type::InvalidMimeType do
Mime::Type.new('improper/semicolon; parameter=abc; parameter2="xyz";')
end
assert_raises Mime::Type::InvalidMimeType do
Mime::Type.new("text/html, text/plain")
end