aboutsummaryrefslogtreecommitdiffstats
path: root/actionview/lib/action_view/testing
diff options
context:
space:
mode:
authorAaron Patterson <aaron.patterson@gmail.com>2016-01-20 10:39:19 -0800
committerAaron Patterson <aaron.patterson@gmail.com>2016-01-22 15:02:27 -0800
commitb7758b40fc035a47f6843158155606d455314c42 (patch)
tree92e2bdb231a7dda8902e0563bdc98867098c298a /actionview/lib/action_view/testing
parent0fde6f554b75b13b0435dd70f1c3ec02bc209e0d (diff)
downloadrails-b7758b40fc035a47f6843158155606d455314c42.tar.gz
rails-b7758b40fc035a47f6843158155606d455314c42.tar.bz2
rails-b7758b40fc035a47f6843158155606d455314c42.zip
allow :file to be outside rails root, but anything else must be inside the rails view directory
CVE-2016-0752
Diffstat (limited to 'actionview/lib/action_view/testing')
-rw-r--r--actionview/lib/action_view/testing/resolvers.rb4
1 files changed, 2 insertions, 2 deletions
diff --git a/actionview/lib/action_view/testing/resolvers.rb b/actionview/lib/action_view/testing/resolvers.rb
index 63a60542d4..2664aca991 100644
--- a/actionview/lib/action_view/testing/resolvers.rb
+++ b/actionview/lib/action_view/testing/resolvers.rb
@@ -19,7 +19,7 @@ module ActionView #:nodoc:
private
- def query(path, exts, formats)
+ def query(path, exts, formats, _)
query = ""
EXTENSIONS.each_key do |ext|
query << '(' << exts[ext].map {|e| e && Regexp.escape(".#{e}") }.join('|') << '|)'
@@ -44,7 +44,7 @@ module ActionView #:nodoc:
end
class NullResolver < PathResolver
- def query(path, exts, formats)
+ def query(path, exts, formats, _)
handler, format, variant = extract_handler_and_format_and_variant(path, formats)
[ActionView::Template.new("Template generated by Null Resolver", path.virtual, handler, :virtual_path => path.virtual, :format => format, :variant => variant)]
end
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-28 10:13:05 +0000