From 388d2f88886e4da8cc9fd9e14c80a4021ef47da1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rafael=20Mendon=C3=A7a=20Fran=C3=A7a?=
Date: Tue, 11 Feb 2014 22:56:50 -0200
Subject: Use the reference for the mime type to get the format

Before we were calling to_sym in the mime type, even when it is unknown what can cause denial of service since symbols are not removed by the garbage collector.

Fixes: CVE-2014-0082
---
 actionpack/lib/action_view/template/text.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'actionpack/lib/action_view')

diff --git a/actionpack/lib/action_view/template/text.rb b/actionpack/lib/action_view/template/text.rb
index 4261c3b5e2..d90e43b8f1 100644
--- a/actionpack/lib/action_view/template/text.rb
+++ b/actionpack/lib/action_view/template/text.rb
@@ -23,7 +23,7 @@ module ActionView #:nodoc:
 end
 def formats
- [@mime_type.to_sym]
+ [@mime_type.respond_to?(:ref) ? @mime_type.ref : @mime_type.to_s]
 end
 end
 end
-- cgit v1.2.3
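Review bot: The fallback branch of `formats` now returns a String (`@mime_type.to_s`) where the method used to return a Symbol in every case, so the element type of the array depends on the mime type and callers that compare formats against symbols should be checked. `ref` and the assignment of `@mime_type` are both outside this hunk; presumably `ref` yields a symbol only for registered types, which is worth stating above the method, e.g. `# Do not call to_sym here: the type may be unregistered, and interned symbols are never garbage collected (CVE-2014-0082).` The diffstat shows one file changed, so no regression test accompanies the fix. A test asserting that `formats` for an unregistered type adds nothing to `Symbol.all_symbols` would keep a later refactor from reintroducing `to_sym`.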