mirror of https://github.com/rails/rails.git synced 2022-11-09 12:12:34 -05:00
rails--rails/actionpack/lib/abstract_controller
Rafael Mendonça França bdcd5f94b2 Only accept actions without File::SEPARATOR in the name.
This will avoid directory traversal in implicit render.

Fixes: CVE-2014-0130

Conflicts:
	actionpack/lib/abstract_controller/base.rb
2014-05-06 13:36:58 -03:00
railties
asset_paths.rb
base.rb Only accept actions without File::SEPARATOR in the name. 2014-05-06 13:36:58 -03:00
callbacks.rb replace class_eval by define_method in abstract_controller/callbacks 2014-04-20 22:08:17 +04:00
collector.rb Improve a couple exception messages related to variants and mime types 2013-12-03 22:23:12 -02:00
helpers.rb move MissingHelperError out of the ClassMethods module. 2013-07-12 15:34:29 +02:00
logger.rb
rendering.rb Check if the request variable isn't nil when calling render_to_string 2014-02-20 20:53:47 +02:00
translation.rb change useless gsub to tr 2013-03-05 09:33:42 -05:00
url_for.rb