From 33cb47ee488b2381d87f5bb36818cae5fa76c22e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rafael=20Mendon=C3=A7a=20Fran=C3=A7a?=
Date: Tue, 18 Feb 2014 16:12:51 -0300
Subject: Use the reference for the mime type to get the format
Before we were calling to_sym in the mime type, even when it is unknown what can cause denial of service since symbols are not removed by the garbage collector.
Fixes: CVE-2014-0082
---
 actionview/lib/action_view/template/html.rb | 2 +-
 actionview/lib/action_view/template/text.rb | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
(limited to 'actionview/lib')
diff --git a/actionview/lib/action_view/template/html.rb b/actionview/lib/action_view/template/html.rb
index 282da1a8a2..0321f819b5 100644
--- a/actionview/lib/action_view/template/html.rb
+++ b/actionview/lib/action_view/template/html.rb
@@ -27,7 +27,7 @@ module ActionView #:nodoc:
 end
 def formats
- [@type.to_sym]
+ [@type.respond_to?(:ref) ? @type.ref : @type.to_s]
 end
 end
 end
diff --git a/actionview/lib/action_view/template/text.rb b/actionview/lib/action_view/template/text.rb
index 859c7bc3ce..04f5b8d17a 100644
--- a/actionview/lib/action_view/template/text.rb
+++ b/actionview/lib/action_view/template/text.rb
@@ -27,7 +27,7 @@ module ActionView #:nodoc:
 end
 def formats
- [@type.to_sym]
+ [@type.respond_to?(:ref) ? @type.ref : @type.to_s]
 end
 end
 end
--
cgit v1.2.3
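Review bot: `formats` in html.rb can now return a String element (the `@type.to_s` branch) where it previously always returned a Symbol, and nothing next to the expression tells a later maintainer why `to_sym` must stay out; the identical change in text.rb has the same gap. I would put a comment above the line in both files, `# Never call to_sym here: an unknown MIME type would intern a new symbol that is never garbage collected (CVE-2014-0082).` The callers of `formats` are not in this diff, so it is worth confirming that none of them symbolizes the entries again, which would presumably bring the same unbounded symbol growth back through another path. The expression is duplicated verbatim in both files and could live in one shared helper so the two cannot drift apart. The class enclosing `formats` starts outside the hunk.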