Update regular expression for checking valid MIME type

MIME Type validation regular expression does not allow for MIME types initialized with strings that contain parameters after the MIME type name.
author: Cliff Pruitt <cliff.pruitt@cliffpruitt.com> 2019-03-19 10:57:55 -0400
committer: Cliff Pruitt <cliff.pruitt@cliffpruitt.com> 2019-03-19 11:20:40 -0400
commit: ab38aa45497a38bc4a97f5eca430d43989f0b124 (patch)
tree: b5ed68da29c19df8d42449b812918a54d714b524 /actionpack
parent: 299573adc60fe0f7aa68f9c66df5ffe2efb0df40 (diff)
download: rails-ab38aa45497a38bc4a97f5eca430d43989f0b124.tar.gz
rails-ab38aa45497a38bc4a97f5eca430d43989f0b124.tar.bz2
rails-ab38aa45497a38bc4a97f5eca430d43989f0b124.zip
2 files changed, 19 insertions, 1 deletions
diff --git a/actionpack/lib/action_dispatch/http/mime_type.rb b/actionpack/lib/action_dispatch/http/mime_type.rb
index 296a36ad28..962d10d81b 100644
--- a/actionpack/lib/action_dispatch/http/mime_type.rb
+++ b/actionpack/lib/action_dispatch/http/mime_type.rb
@@ -223,7 +223,10 @@ module Mime
     attr_reader :hash
 
     MIME_NAME = "[a-zA-Z0-9][a-zA-Z0-9#{Regexp.escape('!#$&-^_.+')}]{0,126}"
-    MIME_REGEXP = /\A(?:\*\/\*|#{MIME_NAME}\/(?:\*|#{MIME_NAME}))\z/
+    MIME_PARAMETER_KEY = "[a-zA-Z0-9][a-zA-Z0-9#{Regexp.escape('!#$&-^_.+')}]{0,126}"
+    MIME_PARAMETER_VALUE = "#{Regexp.escape('"')}?[a-zA-Z0-9][a-zA-Z0-9#{Regexp.escape('!#$&-^_.+')}]{0,126}#{Regexp.escape('"')}?"
+    MIME_PARAMETER = "\s*\;\s+#{MIME_PARAMETER_KEY}(?:\=#{MIME_PARAMETER_VALUE})?"
+    MIME_REGEXP = /\A(?:\*\/\*|#{MIME_NAME}\/(?:\*|#{MIME_NAME})(?:\s*#{MIME_PARAMETER}\s*)*)\z/
 
     class InvalidMimeType < StandardError; end
 
diff --git a/actionpack/test/dispatch/mime_type_test.rb b/actionpack/test/dispatch/mime_type_test.rb
index bb3d888e30..50f6c06fee 100644
--- a/actionpack/test/dispatch/mime_type_test.rb
+++ b/actionpack/test/dispatch/mime_type_test.rb
@@ -181,6 +181,13 @@ class MimeTypeTest < ActiveSupport::TestCase
     assert_equal "video/*", Mime::Type.new("video/*").to_s
   end
 
+  test "can be initialized with parameters" do
+    assert_equal "text/html; parameter", Mime::Type.new("text/html; parameter").to_s
+    assert_equal "text/html; parameter=abc", Mime::Type.new("text/html; parameter=abc").to_s
+    assert_equal 'text/html; parameter="abc"', Mime::Type.new('text/html; parameter="abc"').to_s
+    assert_equal 'text/html; parameter=abc; parameter2="xyz"', Mime::Type.new('text/html; parameter=abc; parameter2="xyz"').to_s
+  end
+
   test "invalid mime types raise error" do
     assert_raises Mime::Type::InvalidMimeType do
       Mime::Type.new("too/many/slash")
@@ -191,6 +198,14 @@ class MimeTypeTest < ActiveSupport::TestCase
     end
 
     assert_raises Mime::Type::InvalidMimeType do
+      Mime::Type.new("improper/semicolon;")
+    end
+
+    assert_raises Mime::Type::InvalidMimeType do
+      Mime::Type.new('improper/semicolon; parameter=abc; parameter2="xyz";')
+    end
+
+    assert_raises Mime::Type::InvalidMimeType do
       Mime::Type.new("text/html, text/plain")
     end
author	Cliff Pruitt <cliff.pruitt@cliffpruitt.com>	2019-03-19 10:57:55 -0400
committer	Cliff Pruitt <cliff.pruitt@cliffpruitt.com>	2019-03-19 11:20:40 -0400
commit	ab38aa45497a38bc4a97f5eca430d43989f0b124 (patch)
tree	b5ed68da29c19df8d42449b812918a54d714b524 /actionpack
parent	299573adc60fe0f7aa68f9c66df5ffe2efb0df40 (diff)
download	rails-ab38aa45497a38bc4a97f5eca430d43989f0b124.tar.gz rails-ab38aa45497a38bc4a97f5eca430d43989f0b124.tar.bz2 rails-ab38aa45497a38bc4a97f5eca430d43989f0b124.zip