aboutsummaryrefslogtreecommitdiffstats
path: root/actionview/lib/action_view/lookup_context.rb
diff options
context:
space:
mode:
authorAaron Patterson <aaron.patterson@gmail.com>2013-12-03 11:01:56 -0800
committerAaron Patterson <aaron.patterson@gmail.com>2013-12-03 11:01:56 -0800
commitdba82120fe58d7a87973aef11bc7d85ee8ebf258 (patch)
treea0e64d31f70dd6a74f41cacbc0f17977abd0cd6f /actionview/lib/action_view/lookup_context.rb
parentbe5527b8e8fcc25946b128fe78db10d5bee2a483 (diff)
parent4e9dd5378bd5bfaa095a96068c7d1b7c4f47e1b0 (diff)
downloadrails-dba82120fe58d7a87973aef11bc7d85ee8ebf258.tar.gz
rails-dba82120fe58d7a87973aef11bc7d85ee8ebf258.tar.bz2
rails-dba82120fe58d7a87973aef11bc7d85ee8ebf258.zip
Merge branch 'master-sec'
* master-sec: Deep Munge the parameters for GET and POST Stop using i18n's built in HTML error handling. Ensure simple_format escapes its html attributes Escape the unit value provided to number_to_currency Only use valid mime type symbols as cache keys
Diffstat (limited to 'actionview/lib/action_view/lookup_context.rb')
-rw-r--r--actionview/lib/action_view/lookup_context.rb7
1 files changed, 7 insertions, 0 deletions
diff --git a/actionview/lib/action_view/lookup_context.rb b/actionview/lib/action_view/lookup_context.rb
index f9d5b97fe3..c6ff683827 100644
--- a/actionview/lib/action_view/lookup_context.rb
+++ b/actionview/lib/action_view/lookup_context.rb
@@ -62,6 +62,13 @@ module ActionView
@details_keys = ThreadSafe::Cache.new
def self.get(details)
+ if details[:formats]
+ details = details.dup
+ syms = Set.new Mime::SET.symbols
+ details[:formats] = details[:formats].select { |v|
+ syms.include? v
+ }
+ end
@details_keys[details] ||= new
end
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-30 15:57:26 +0000