authorLouise Crow <louise.crow@gmail.com>2013-12-04 08:34:08 +0000
committerLouise Crow <louise.crow@gmail.com>2013-12-04 08:34:08 +0000
commit9e6a9b6a7e8866885dcedae95b88fea108118644 (patch)
tree3b1e28892d30e73364101686df58995fc92f800c /config/initializers/rails_security_patches.rb
parent63479ee9a78328ec5068cbbec13db5fb6d29bb1f (diff)
parent4eb8432dedc8b521086cdf163ebe5d373396d39a (diff)
Merge branch 'hotfix/0.15.0.2' into wdtk
Conflicts: Gemfile
Diffstat (limited to 'config/initializers/rails_security_patches.rb')
-rw-r--r--config/initializers/rails_security_patches.rb22
1 files changed, 22 insertions, 0 deletions
diff --git a/config/initializers/rails_security_patches.rb b/config/initializers/rails_security_patches.rb
new file mode 100644
index 000000000..b7f013d04
--- /dev/null
+++ b/config/initializers/rails_security_patches.rb
@@ -0,0 +1,22 @@
+# Temporary patches for Rails security alert made on 03/12/2013
+
+# CVE-2013-6414 https://groups.google.com/forum/#!topic/rubyonrails-security/A-ebV4WxzKg
+
+ActiveSupport.on_load(:action_view) do
+ ActionView::LookupContext::DetailsKey.class_eval do
+ class << self
+ alias :old_get :get
+
+ def get(details)
+ if details[:formats]
+ details = details.dup
+ syms = Set.new Mime::SET.symbols
+ details[:formats] = details[:formats].select { |v|
+ syms.include? v
+ }
+ end
+ old_get details
+ end
+ end
+ end
+end
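Review bot: The header comment calls these patches temporary, but nothing in the initializer ties them to a Rails version or says when to remove them, so the override of `ActionView::LookupContext::DetailsKey.get` will keep shadowing the framework method even after an upgrade that ships the upstream fix. I would add a removal marker next to the CVE line, e.g. `# TODO: delete this file once the bundled Rails includes the fix for CVE-2013-6414`. The `alias :old_get :get` is also not idempotent: if this block were ever evaluated a second time, `old_get` would point at the already patched `get` and the final `old_get details` call would recurse, so `alias :old_get :get unless method_defined?(:old_get)` is the safer form. A short comment on the `select` would help too, stating that `details[:formats]` is narrowed to the symbols registered in `Mime::SET`, presumably so that unrecognised request-supplied formats never reach the original `get`.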