-rw-r--r--config/initializers/rails_security_patches.rb22
1 files changed, 22 insertions, 0 deletions
diff --git a/config/initializers/rails_security_patches.rb b/config/initializers/rails_security_patches.rb
new file mode 100644
index 000000000..b7f013d04
--- /dev/null
+++ b/config/initializers/rails_security_patches.rb
@@ -0,0 +1,22 @@
+# Temporary patches for Rails security alert made on 03/12/2013
+
+# CVE-2013-6414 https://groups.google.com/forum/#!topic/rubyonrails-security/A-ebV4WxzKg
+
+ActiveSupport.on_load(:action_view) do
+ ActionView::LookupContext::DetailsKey.class_eval do
+ class << self
+ alias :old_get :get
+
+ def get(details)
+ if details[:formats]
+ details = details.dup
+ syms = Set.new Mime::SET.symbols
+ details[:formats] = details[:formats].select { |v|
+ syms.include? v
+ }
+ end
+ old_get details
+ end
+ end
+ end
+end
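Review bot: The `alias :old_get :get` inside `class << self` is unguarded, so if this initializer body is ever evaluated a second time against the same singleton class, `old_get` gets re-pointed at the already-patched `get` and the `old_get details` call on the last line of the method recurses without bound; guarding the alias with `alias :old_get :get unless method_defined?(:old_get)` keeps a repeated load harmless. The header comment calls the patch temporary but gives no removal condition; a line such as `# Remove once the app runs a Rails release that includes the CVE-2013-6414 fix (DetailsKey format filtering)` would tell the next upgrader when this file can go. Building `Set.new Mime::SET.symbols` on every `get` call is a small per-request cost; it is presumably kept dynamic so formats registered after boot are honoured, which is worth a one-line comment if that is the intent.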