Mirrors/redmine
1
0
Fork 0
mirror of https://github.com/redmine/redmine.git synced 2024-08-26 17:58:38 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity

Rails CVE-2012-2660.

Browse Source 
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/branches/1.4-stable@9767 e93f8b46-1217-0410-a6f0-8f06a7374b81
This commit is contained in:
Jean-Philippe Lang 2012-06-03 20:08:23 +00:00
parent 3883d5e2db
commit 70b0d5722b
1 changed files with 26 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
config/initializers/10-patches.rb
View File

@ -85,4 +85,30 @@ module ActionController
end
end
end
# CVE-2012-2660
# https://groups.google.com/group/rubyonrails-security/browse_thread/thread/f1203e3376acec0f
class Request
protected
# Remove nils from the params hash
def deep_munge(hash)
hash.each_value do |v|
case v
when Array
v.grep(Hash) { |x| deep_munge(x) }
when Hash
deep_munge(v)
end
end
keys = hash.keys.find_all { |k| hash[k] == [nil] }
keys.each { |k| hash[k] = nil }
hash
end
def parse_query(qs)
deep_munge(super)
end
end
end