Merge branch 'hotfix/0.14.0.3' into rails-3-develop

author: Louise Crow <louise.crow@gmail.com> 2013-10-24 11:27:29 +0100
committer: Louise Crow <louise.crow@gmail.com> 2013-10-24 11:27:29 +0100
commit: eb37e3e6aede248e3e5558328cb3b6946d49a657 (patch)
tree: 96f6def8022e4b4286796200abd4ee16a72d2898 /lib/actionmailer_patches.rb
parent: 0de52b20c67467b7d1198f988419f6deed777c5e (diff)
parent: d450371502bcd55776e51416afea8741ca66e8b3 (diff)
1 files changed, 15 insertions, 0 deletions
diff --git a/lib/actionmailer_patches.rb b/lib/actionmailer_patches.rb
new file mode 100644
index 000000000..600d3c8cc
--- /dev/null
+++ b/lib/actionmailer_patches.rb
@@ -0,0 +1,15 @@
+# Monkey patch for CVE-2013-4389
+# derived from http://seclists.org/oss-sec/2013/q4/118 to fix
+# a possible DoS vulnerability in the log subscriber component of
+# Action Mailer.
+
+require 'action_mailer'
+module ActionMailer
+  class LogSubscriber < ActiveSupport::LogSubscriber
+    def deliver(event)
+      recipients = Array.wrap(event.payload[:to]).join(', ')
+      info("\nSent mail to #{recipients} (#{event.duration.round(1)}ms)")
+      debug(event.payload[:mail])
+    end
+  end
+end
author	Louise Crow <louise.crow@gmail.com>	2013-10-24 11:27:29 +0100
committer	Louise Crow <louise.crow@gmail.com>	2013-10-24 11:27:29 +0100
commit	eb37e3e6aede248e3e5558328cb3b6946d49a657 (patch)
tree	96f6def8022e4b4286796200abd4ee16a72d2898 /lib/actionmailer_patches.rb
parent	0de52b20c67467b7d1198f988419f6deed777c5e (diff)
parent	d450371502bcd55776e51416afea8741ca66e8b3 (diff)