Use the reference for the mime type to get the format

Before we were calling to_sym in the mime type, even when it is unknown
what can cause denial of service since symbols are not removed by the
garbage collector.

Fixes: CVE-2014-0082

2 files changed, 34 insertions, 0 deletions

diff --git a/actionview/test/template/html_test.rb b/actionview/test/template/html_test.rb
new file mode 100644
index 0000000000..549c12c88c
--- /dev/null
+++ b/actionview/test/template/html_test.rb
@@ -0,0 +1,17 @@
+require 'abstract_unit'
+
+class HTMLTest < ActiveSupport::TestCase
+  test 'formats returns symbol for recognized MIME type' do
+    assert_equal [:html], ActionView::Template::HTML.new('', :html).formats
+  end
+
+  test 'formats returns string for recognized MIME type when MIME does not have symbol' do
+    foo = Mime::Type.lookup("foo")
+    assert_nil foo.to_sym
+    assert_equal ['foo'], ActionView::Template::HTML.new('', foo).formats
+  end
+
+  test 'formats returns string for unknown MIME type' do
+    assert_equal ['foo'], ActionView::Template::HTML.new('', 'foo').formats
+  end
+end
diff --git a/actionview/test/template/text_test.rb b/actionview/test/template/text_test.rb
new file mode 100644
index 0000000000..d899d54589
--- /dev/null
+++ b/actionview/test/template/text_test.rb
@@ -0,0 +1,17 @@
+require 'abstract_unit'
+
+class TextTest < ActiveSupport::TestCase
+  test 'formats returns symbol for recognized MIME type' do
+    assert_equal [:text], ActionView::Template::Text.new('', :text).formats
+  end
+
+  test 'formats returns string for recognized MIME type when MIME does not have symbol' do
+    foo = Mime::Type.lookup("foo")
+    assert_nil foo.to_sym
+    assert_equal ['foo'], ActionView::Template::Text.new('', foo).formats
+  end
+
+  test 'formats returns string for unknown MIME type' do
+    assert_equal ['foo'], ActionView::Template::Text.new('', 'foo').formats
+  end
+end