-rw-r--r-- | Gemfile | 1 | ||||
-rw-r--r-- | Gemfile.lock | 2 | ||||
-rw-r--r-- | config/application.rb | 2 | ||||
-rw-r--r-- | config/initializers/rails_security_patches.rb | 22 |
4 files changed, 25 insertions, 2 deletions
@@ -46,7 +46,6 @@ gem 'zip' gem 'fast_gettext' gem 'gettext_i18n_rails' gem 'gettext' - gem 'globalize3', :git => 'git://github.com/globalize/globalize.git', :ref => '5fd95f2389dff1' gem 'locale' gem 'routing-filter'
diff --git a/Gemfile.lock b/Gemfile.lock
index 53f77e1e3..af48c2d4b 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -103,7 +103,7 @@ GEM
 tilt
 highline (1.6.19)
 hike (1.2.2)
- i18n (0.6.4)
+ i18n (0.6.9)
 jquery-rails (2.3.0)
 railties (>= 3.0, < 5.0)
 thor (>= 0.14, < 2.0)
diff --git a/config/application.rb b/config/application.rb
index 245a60782..c70a639e2 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -31,6 +31,8 @@ module Alaveteli # The default locale is :en and all translations from config/locales/*.rb,yml are auto loaded. # config.i18n.load_path += Dir[Rails.root.join('my', 'locales', '*.{rb,yml}').to_s] # config.i18n.default_locale = :de + I18n.config.enforce_available_locales = false + # JavaScript files you want as :defaults (application.js is always included). # config.action_view.javascript_expansions[:defaults] = %w(jquery rails)
diff --git a/config/initializers/rails_security_patches.rb b/config/initializers/rails_security_patches.rb
new file mode 100644
index 000000000..b7f013d04
--- /dev/null
+++ b/config/initializers/rails_security_patches.rb
@@ -0,0 +1,22 @@
+# Temporary patches for Rails security alert made on 03/12/2013
+
+# CVE-2013-6414 https://groups.google.com/forum/#!topic/rubyonrails-security/A-ebV4WxzKg
+
+ActiveSupport.on_load(:action_view) do
+ ActionView::LookupContext::DetailsKey.class_eval do
+ class << self
+ alias :old_get :get
+
+ def get(details)
+ if details[:formats]
+ details = details.dup
+ syms = Set.new Mime::SET.symbols
+ details[:formats] = details[:formats].select { |v|
+ syms.include? v
+ }
+ end
+ old_get details
+ end
+ end
+ end
+end |
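Review bot: The added `I18n.config.enforce_available_locales = false` in config/application.rb has no comment saying why enforcement is switched off, and the choice has a security-relevant consequence: with it false, I18n accepts a locale outside its available list instead of raising. If the locale is ever derived from the request (not visible in this hunk, so this is an assumption), the application has to validate it against its own list. I would put a comment above the line such as `# Keeps the behaviour from before the i18n upgrade: I18n does not reject unknown locales, so request-derived locales must be validated by the app`. The enclosing `Alaveteli` module body starts and ends outside the hunk.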
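Review bot: config/initializers/rails_security_patches.rb is headed "Temporary patches" but nothing in it says when it should go, so the override of `DetailsKey.get` will stay in place after Rails is upgraded to a release that carries the upstream fix. A removal marker such as `# TODO: delete this file once the bundled Rails includes the upstream fix for CVE-2013-6414` would make that explicit, and the date 03/12/2013 should be written unambiguously, since it reads as either day-first or month-first. Separately, `alias :old_get :get` is not idempotent: if this block ever ran twice, `old_get` would point at the already patched method and `get` would recurse without end. Wrapping the alias and the definition in `unless method_defined?(:old_get)` inside `class << self` would prevent that.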