aboutsummaryrefslogtreecommitdiffstats
path: root/actionmailer/lib/action_mailer
diff options
context:
space:
mode:
authorMichael Koziarski <michael@koziarski.com>2013-09-23 10:17:58 +1200
committerAaron Patterson <aaron.patterson@gmail.com>2013-09-30 14:42:11 -0700
commit5aee516b5edb49d7206cd9815c13a78b6b16c5d9 (patch)
tree7a80c938567d2d4c456208bc484026d9c3b709a3 /actionmailer/lib/action_mailer
parent54c05acdba138f3a7a3d44dfc922b0fe4e4cf554 (diff)
downloadrails-5aee516b5edb49d7206cd9815c13a78b6b16c5d9.tar.gz
rails-5aee516b5edb49d7206cd9815c13a78b6b16c5d9.tar.bz2
rails-5aee516b5edb49d7206cd9815c13a78b6b16c5d9.zip
Remove the use of String#% when formatting durations in log messages
This avoids potential format string vulnerabilities where user-provided data is interpolated into the log message before String#% is called.
Diffstat (limited to 'actionmailer/lib/action_mailer')
-rw-r--r--actionmailer/lib/action_mailer/log_subscriber.rb6
1 files changed, 3 insertions, 3 deletions
diff --git a/actionmailer/lib/action_mailer/log_subscriber.rb b/actionmailer/lib/action_mailer/log_subscriber.rb
index 7ba57b19e0..4f4e21e0eb 100644
--- a/actionmailer/lib/action_mailer/log_subscriber.rb
+++ b/actionmailer/lib/action_mailer/log_subscriber.rb
@@ -4,12 +4,12 @@ module ActionMailer
class LogSubscriber < ActiveSupport::LogSubscriber
def deliver(event)
recipients = Array.wrap(event.payload[:to]).join(', ')
- info("\nSent mail to #{recipients} (%1.fms)" % event.duration)
+ info("\nSent mail to #{recipients} (#{format_duration(event.duration)})")
debug(event.payload[:mail])
end
def receive(event)
- info("\nReceived mail (%.1fms)" % event.duration)
+ info("\nReceived mail (#{format_duration(event.duration)})")
debug(event.payload[:mail])
end
@@ -19,4 +19,4 @@ module ActionMailer
end
end
-ActionMailer::LogSubscriber.attach_to :action_mailer \ No newline at end of file
+ActionMailer::LogSubscriber.attach_to :action_mailer