Merge branch '2-3-github' into json-sessions

2026-01-09 14:48:08 -05:00 · 2014-05-13 15:29:47 -05:00
parent 9070fbcffe 7403667b89
commit 5f6c95e29e
1 changed files with 7 additions and 0 deletions
--- a/actionpack/lib/action_controller/base.rb
+++ b/actionpack/lib/action_controller/base.rb
@@ -1320,7 +1320,14 @@ module ActionController #:nodoc:
        render
      end

+      CVE_2014_0310 = Class.new(StandardError)
+
      def perform_action
+        # CVE-2014-0130 protection
+        if action_name.include? "/"
+          raise CVE_2014_0310
+        end
+
        if action_methods.include?(action_name)
          send(action_name)
          default_render unless performed?