Only accept formats from registered mime types

[CVE-2019-5418] [CVE-2019-5419]
author: John Hawthorn <john@hawthorn.email> 2019-03-04 18:24:51 -0800
committer: Aaron Patterson <aaron.patterson@gmail.com> 2019-03-10 20:38:22 -0700
commit: f4c70c2222180b8d9d924f00af0c7fd632e26715 (patch)
tree: 86492bce723cab80b813973e1adeef7e41e03553 /actionpack/lib/action_dispatch/http
parent: 5e6e505083c2b0caf85b2f86c6be3ff3d8750857 (diff)
download: rails-f4c70c2222180b8d9d924f00af0c7fd632e26715.tar.gz
rails-f4c70c2222180b8d9d924f00af0c7fd632e26715.tar.bz2
rails-f4c70c2222180b8d9d924f00af0c7fd632e26715.zip
1 files changed, 5 insertions, 0 deletions
diff --git a/actionpack/lib/action_dispatch/http/mime_negotiation.rb b/actionpack/lib/action_dispatch/http/mime_negotiation.rb
index 498b1e6695..4e81ba12a5 100644
--- a/actionpack/lib/action_dispatch/http/mime_negotiation.rb
+++ b/actionpack/lib/action_dispatch/http/mime_negotiation.rb
@@ -79,6 +79,11 @@ module ActionDispatch
           else
             [Mime[:html]]
           end
+
+          v = v.select do |format|
+            format.symbol || format.ref == "*/*"
+          end
+
           set_header k, v
         end
       end
author	John Hawthorn <john@hawthorn.email>	2019-03-04 18:24:51 -0800
committer	Aaron Patterson <aaron.patterson@gmail.com>	2019-03-10 20:38:22 -0700
commit	f4c70c2222180b8d9d924f00af0c7fd632e26715 (patch)
tree	86492bce723cab80b813973e1adeef7e41e03553 /actionpack/lib/action_dispatch/http
parent	5e6e505083c2b0caf85b2f86c6be3ff3d8750857 (diff)
download	rails-f4c70c2222180b8d9d924f00af0c7fd632e26715.tar.gz rails-f4c70c2222180b8d9d924f00af0c7fd632e26715.tar.bz2 rails-f4c70c2222180b8d9d924f00af0c7fd632e26715.zip