Last active
May 28, 2019 09:49
-
-
Save matt-whiteley/38fcc38159b2381365b1b865110fed73 to your computer and use it in GitHub Desktop.
Patch for CVE-2019-5418 where gem version upgrade in rails 4 is not possible due to compatibility issues. This file needs to be added as an initializer. Confirmed working on 4.1.x.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| require 'action_dispatch/http/mime_negotiation' | |
| module ActionDispatch | |
| module Http | |
| module MimeNegotiation | |
| def formats | |
| @env["action_dispatch.request.formats"] ||= | |
| if parameters[:format] | |
| Array(Mime[parameters[:format]]) | |
| elsif use_accept_header && valid_accept_header | |
| accepts | |
| elsif xhr? | |
| [Mime::JS] | |
| else | |
| [Mime::HTML] | |
| end.select do |format| | |
| format.symbol || format.ref == '*/*' | |
| end | |
| end | |
| end | |
| end | |
| end |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment