| author | Mike MacDonald <crazymykl@gmail.com> | 2014-04-15 21:03:28 -0400 | 
|---|---|---|
| committer | Mike MacDonald <crazymykl@gmail.com> | 2014-04-15 21:19:00 -0400 | 
| commit | 19b2bcc76dde5f35d9b98ecf04c95198ab91dacc (patch) | |
| tree | c5fbe8b352b3dba6db59dc031c3f2e7a46ce6505 /actionpack/lib/action_controller | |
| parent | e665ce714133bfc0b45a20359c7d5af86bfb54d9 (diff) | |
[ci skip] Avoid suggesting dangerous code in i18n guide
Calling `to_sym` on user input opens apps up to Denial of Service attacks, via the symbol table being expanded to consume vast swathes of memory.
It is a fairly common configuration to have DNS configured such that all subdomains route to your Rails app, in which case an attacker visits `www1.foo.com`, `www2.foo.com`, and so on until something gives.
It is far less likely to have this problem with TLDs, so that change was only for consistency.
Diffstat (limited to 'actionpack/lib/action_controller')
0 files changed, 0 insertions, 0 deletions
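
The pattern the commit message warns about, next to an allowlist lookup, as an added Ruby example that is not part of this commit or the Rails guide. `AVAILABLE_LOCALES` is an assumed stand-in for `I18n.available_locales`, and the function names and hostnames are constructed for illustration.

```ruby
# Added illustration; not code from the Rails i18n guide or this commit.
# AVAILABLE_LOCALES is an assumed stand-in for I18n.available_locales.
AVAILABLE_LOCALES = %i[en de fr].freeze
LOCALE_BY_NAME = AVAILABLE_LOCALES.to_h { |l| [l.to_s, l] }.freeze

# Pattern the commit message warns about: each distinct subdomain label in
# a request becomes a new symbol. Before Ruby 2.2 symbols were never
# garbage-collected, so the table only grew.
def locale_from_subdomain_unsafe(host)
  host.split(".").first.to_sym
end

# Hardened: look the label up as a String and return a symbol that already
# exists, so request data is never interned. Unknown labels give nil.
def locale_from_subdomain(host)
  LOCALE_BY_NAME[host.to_s.downcase.split(".").first]
end

# Same lookup for the top-level domain (foo.de -> :de).
def locale_from_tld(host)
  LOCALE_BY_NAME[host.to_s.downcase.split(".").last]
end

# True if a symbol with this name is currently in the symbol table.
def symbol_interned?(name)
  Symbol.all_symbols.any? { |s| s.to_s == name }
end

if __FILE__ == $PROGRAM_NAME
  # Constructed hostnames in the style the commit message describes.
  hosts = %w[de.foo.example www1-demo.foo.example www2-demo.foo.example]
  hosts.each { |h| puts "#{h}: #{locale_from_subdomain(h).inspect}" }
  puts "interned after safe lookup:   #{symbol_interned?('www1-demo')}"
  kept = hosts.map { |h| locale_from_subdomain_unsafe(h) }
  puts "interned after unsafe lookup: #{symbol_interned?('www1-demo')} (#{kept.size} kept)"
end
```
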
