Use the reference for the mime type to get the format

Before we were calling to_sym in the mime type, even when it is unknown what can cause denial of service since symbols are not removed by the garbage collector. Fixes: CVE-2014-0082
author: Rafael Mendonça França <rafaelmfranca@gmail.com> 2014-02-11 22:56:50 -0200
committer: Rafael Mendonça França <rafaelmfranca@gmail.com> 2014-02-18 15:02:54 -0300
commit: 388d2f88886e4da8cc9fd9e14c80a4021ef47da1 (patch)
tree: e4476da834119761ca19928402217485bd7ce5f3 /actionpack/lib
parent: eaa2101b294ef546cc3fb35cc3f49c73849ac470 (diff)
download: rails-388d2f88886e4da8cc9fd9e14c80a4021ef47da1.tar.gz
rails-388d2f88886e4da8cc9fd9e14c80a4021ef47da1.tar.bz2
rails-388d2f88886e4da8cc9fd9e14c80a4021ef47da1.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/actionpack/lib/action_view/template/text.rb b/actionpack/lib/action_view/template/text.rb
index 4261c3b5e2..d90e43b8f1 100644
--- a/actionpack/lib/action_view/template/text.rb
+++ b/actionpack/lib/action_view/template/text.rb
@@ -23,7 +23,7 @@ module ActionView #:nodoc:
       end
 
       def formats
-        [@mime_type.to_sym]
+        [@mime_type.respond_to?(:ref) ? @mime_type.ref : @mime_type.to_s]
       end
     end
   end
author	Rafael Mendonça França <rafaelmfranca@gmail.com>	2014-02-11 22:56:50 -0200
committer	Rafael Mendonça França <rafaelmfranca@gmail.com>	2014-02-18 15:02:54 -0300
commit	388d2f88886e4da8cc9fd9e14c80a4021ef47da1 (patch)
tree	e4476da834119761ca19928402217485bd7ce5f3 /actionpack/lib
parent	eaa2101b294ef546cc3fb35cc3f49c73849ac470 (diff)
download	rails-388d2f88886e4da8cc9fd9e14c80a4021ef47da1.tar.gz rails-388d2f88886e4da8cc9fd9e14c80a4021ef47da1.tar.bz2 rails-388d2f88886e4da8cc9fd9e14c80a4021ef47da1.zip