aboutsummaryrefslogtreecommitdiffstats
path: root/railties/lib/rails/all.rb
diff options
context:
space:
mode:
authorRafael Mendonça França <rafaelmfranca@gmail.com>2014-04-17 16:50:39 -0300
committerRafael Mendonça França <rafaelmfranca@gmail.com>2014-05-05 11:37:34 -0300
commit0f3b7d1a319383f743f9938e1eed00f0fba7a367 (patch)
tree57e8072a1d25458442a9cec90bd687dedf271f9b /railties/lib/rails/all.rb
parent666e9f65bdfeb6cc5aa80b6254608adc3d7845ce (diff)
downloadrails-0f3b7d1a319383f743f9938e1eed00f0fba7a367.tar.gz
rails-0f3b7d1a319383f743f9938e1eed00f0fba7a367.tar.bz2
rails-0f3b7d1a319383f743f9938e1eed00f0fba7a367.zip
Only accept actions without File::SEPARATOR in the name.
This will avoid directory traversal in implicit render. Fixes: CVE-2014-0130
Diffstat (limited to 'railties/lib/rails/all.rb')
0 files changed, 0 insertions, 0 deletions