path: root/actionpack/lib/action_dispatch/request/utils.rb
author: Rafael Mendonça França <rafaelmfranca@gmail.com> 2014-02-18 16:12:51 -0300
committer: Rafael Mendonça França <rafaelmfranca@gmail.com> 2014-02-18 16:12:51 -0300
commit: 33cb47ee488b2381d87f5bb36818cae5fa76c22e
tree: 8f85e606fc4c0a46475dbbc03f49c64eab674c03 /actionpack/lib/action_dispatch/request/utils.rb
parent: 1879c259b870938c42d5d52f63123bfa0b8c81c8
Use the reference for the mime type to get the format
Before we were calling to_sym in the mime type, even when it is unknown, which can cause denial of service since symbols are not removed by the garbage collector. Fixes: CVE-2014-0082
Diffstat (limited to 'actionpack/lib/action_dispatch/request/utils.rb')
0 files changed, 0 insertions, 0 deletions