path: root/actionpack/lib/action_controller/metal/hide_actions.rb
author: Rafael Mendonça França <rafaelmfranca@gmail.com> 2014-04-17 16:50:39 -0300
committer: Rafael Mendonça França <rafaelmfranca@gmail.com> 2014-05-06 13:36:58 -0300
commit: bdcd5f94b2efdf661f201917d63476c245aa7c09 (patch)
tree: 4145ce7fa474621078cdeff798f7b690a98c7f84 /actionpack/lib/action_controller/metal/hide_actions.rb
parent: e167a54785e319c526b638d591eaca0c4da93a54 (diff)
Only accept actions without File::SEPARATOR in the name.

This will avoid directory traversal in implicit render.

Fixes: CVE-2014-0130

Conflicts:
	actionpack/lib/abstract_controller/base.rb

Diffstat (limited to 'actionpack/lib/action_controller/metal/hide_actions.rb')
0 files changed, 0 insertions, 0 deletions
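
The check named in the commit message, sketched as an added example (not the Rails code from this commit): a simplified model of implicit render in which the action name selects a template under the controller's view directory. `VIEW_ROOT`, the `resolve_*` helpers, `inside_controller_views?` and the sample names are hypothetical.

```ruby
require "pathname"

# Hypothetical model of implicit render: the requested action name picks the
# template file under the controller's view directory. No files are read.
VIEW_ROOT = "/app/views" # constructed path

def implicit_template_path(controller, action)
  Pathname.new(File.join(VIEW_ROOT, controller, "#{action}.html.erb")).cleanpath.to_s
end

# Before: every requested name is treated as an action.
def resolve_unchecked(controller, action)
  implicit_template_path(controller, action)
end

# After, per the commit message: a name containing File::SEPARATOR is
# not accepted as an action, so no template lookup happens for it.
def valid_action_name?(action)
  !action.to_s.include?(File::SEPARATOR)
end

def resolve_checked(controller, action)
  valid_action_name?(action) ? implicit_template_path(controller, action) : nil
end

# True when +path+ lies under the controller's own view directory.
def inside_controller_views?(path, controller)
  path.start_with?(File.join(VIEW_ROOT, controller) + File::SEPARATOR)
end

# Constructed sample names: one ordinary action, one containing a separator.
%w[index ../admin/dashboard].each do |name|
  before = resolve_unchecked("posts", name)
  after  = resolve_checked("posts", name)
  puts "#{name.inspect}: unchecked=#{before} " \
       "(inside posts views: #{inside_controller_views?(before, 'posts')}), " \
       "checked=#{after.inspect}"
end
```

Rejecting the name before any path is built means the lookup never has to reason about normalised paths at all.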