diff options
author | Cliff Pruitt <cliff.pruitt@cliffpruitt.com> | 2019-03-19 10:57:55 -0400 |
---|---|---|
committer | Cliff Pruitt <cliff.pruitt@cliffpruitt.com> | 2019-03-19 11:20:40 -0400 |
commit | ab38aa45497a38bc4a97f5eca430d43989f0b124 (patch) | |
tree | b5ed68da29c19df8d42449b812918a54d714b524 /actionpack | |
parent | 299573adc60fe0f7aa68f9c66df5ffe2efb0df40 (diff) | |
download | rails-ab38aa45497a38bc4a97f5eca430d43989f0b124.tar.gz rails-ab38aa45497a38bc4a97f5eca430d43989f0b124.tar.bz2 rails-ab38aa45497a38bc4a97f5eca430d43989f0b124.zip |
Update regular expression for checking valid MIME type
MIME Type validation regular expression does not allow for MIME types initialized with strings that contain parameters after the MIME type name.
Diffstat (limited to 'actionpack')
-rw-r--r-- | actionpack/lib/action_dispatch/http/mime_type.rb | 5 | ||||
-rw-r--r-- | actionpack/test/dispatch/mime_type_test.rb | 15 |
2 files changed, 19 insertions, 1 deletions
diff --git a/actionpack/lib/action_dispatch/http/mime_type.rb b/actionpack/lib/action_dispatch/http/mime_type.rb index 296a36ad28..962d10d81b 100644 --- a/actionpack/lib/action_dispatch/http/mime_type.rb +++ b/actionpack/lib/action_dispatch/http/mime_type.rb @@ -223,7 +223,10 @@ module Mime attr_reader :hash MIME_NAME = "[a-zA-Z0-9][a-zA-Z0-9#{Regexp.escape('!#$&-^_.+')}]{0,126}" - MIME_REGEXP = /\A(?:\*\/\*|#{MIME_NAME}\/(?:\*|#{MIME_NAME}))\z/ + MIME_PARAMETER_KEY = "[a-zA-Z0-9][a-zA-Z0-9#{Regexp.escape('!#$&-^_.+')}]{0,126}" + MIME_PARAMETER_VALUE = "#{Regexp.escape('"')}?[a-zA-Z0-9][a-zA-Z0-9#{Regexp.escape('!#$&-^_.+')}]{0,126}#{Regexp.escape('"')}?" + MIME_PARAMETER = "\s*\;\s+#{MIME_PARAMETER_KEY}(?:\=#{MIME_PARAMETER_VALUE})?" + MIME_REGEXP = /\A(?:\*\/\*|#{MIME_NAME}\/(?:\*|#{MIME_NAME})(?:\s*#{MIME_PARAMETER}\s*)*)\z/ class InvalidMimeType < StandardError; end diff --git a/actionpack/test/dispatch/mime_type_test.rb b/actionpack/test/dispatch/mime_type_test.rb index bb3d888e30..50f6c06fee 100644 --- a/actionpack/test/dispatch/mime_type_test.rb +++ b/actionpack/test/dispatch/mime_type_test.rb @@ -181,6 +181,13 @@ class MimeTypeTest < ActiveSupport::TestCase assert_equal "video/*", Mime::Type.new("video/*").to_s end + test "can be initialized with parameters" do + assert_equal "text/html; parameter", Mime::Type.new("text/html; parameter").to_s + assert_equal "text/html; parameter=abc", Mime::Type.new("text/html; parameter=abc").to_s + assert_equal 'text/html; parameter="abc"', Mime::Type.new('text/html; parameter="abc"').to_s + assert_equal 'text/html; parameter=abc; parameter2="xyz"', Mime::Type.new('text/html; parameter=abc; parameter2="xyz"').to_s + end + test "invalid mime types raise error" do assert_raises Mime::Type::InvalidMimeType do Mime::Type.new("too/many/slash") @@ -191,6 +198,14 @@ class MimeTypeTest < ActiveSupport::TestCase end assert_raises Mime::Type::InvalidMimeType do + Mime::Type.new("improper/semicolon;") + end + + assert_raises Mime::Type::InvalidMimeType do + Mime::Type.new('improper/semicolon; parameter=abc; parameter2="xyz";') + end + + assert_raises Mime::Type::InvalidMimeType do Mime::Type.new("text/html, text/plain") end |