Diffstat (limited to 'config')
-rw-r--r--config/application.rb2
-rw-r--r--config/initializers/rails_security_patches.rb22
2 files changed, 24 insertions, 0 deletions
diff --git a/config/application.rb b/config/application.rb
index 245a60782..c70a639e2 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -31,6 +31,8 @@ module Alaveteli
# The default locale is :en and all translations from config/locales/*.rb,yml are auto loaded.
# config.i18n.load_path += Dir[Rails.root.join('my', 'locales', '*.{rb,yml}').to_s]
# config.i18n.default_locale = :de
+ I18n.config.enforce_available_locales = false
+
# JavaScript files you want as :defaults (application.js is always included).
# config.action_view.javascript_expansions[:defaults] = %w(jquery rails)
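Review bot: The added `I18n.config.enforce_available_locales = false` turns off I18n's check that a locale is one of the configured available locales, and nothing in the hunk says why that is safe here. If any locale value in this application is derived from the request (not visible in this hunk), it is then accepted without that check. Either add a comment recording the reason, for example `# Locale is validated against the configured locales before I18n.locale is set (see <PLACEHOLDER: location>)`, or switch the setting to `true` once the available locales are configured. The enclosing class body starts and ends outside the hunk.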
diff --git a/config/initializers/rails_security_patches.rb b/config/initializers/rails_security_patches.rb
new file mode 100644
index 000000000..b7f013d04
--- /dev/null
+++ b/config/initializers/rails_security_patches.rb
@@ -0,0 +1,22 @@
+# Temporary patches for Rails security alert made on 03/12/2013
+
+# CVE-2013-6414 https://groups.google.com/forum/#!topic/rubyonrails-security/A-ebV4WxzKg
+
+ActiveSupport.on_load(:action_view) do
+ ActionView::LookupContext::DetailsKey.class_eval do
+ class << self
+ alias :old_get :get
+
+ def get(details)
+ if details[:formats]
+ details = details.dup
+ syms = Set.new Mime::SET.symbols
+ details[:formats] = details[:formats].select { |v|
+ syms.include? v
+ }
+ end
+ old_get details
+ end
+ end
+ end
+end
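Review bot: The initializer is labelled temporary but nothing bounds its lifetime: the override of `DetailsKey.get` stays active after Rails is upgraded to a release that carries the upstream fix, and `alias :old_get :get` then wraps whatever `get` has become. Guard the `on_load` block with a version check such as `if Gem::Version.new(Rails::VERSION::STRING) < Gem::Version.new('<FIXED_RAILS_VERSION>')` (placeholder; take the value from the advisory linked in the header) and state the removal condition in the header comment. The date `03/12/2013` is ambiguous between day-first and month-first, so an ISO date would make the advisory easier to match later. A smaller point: `Set.new Mime::SET.symbols` is rebuilt on every lookup.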