Overview

File CVE-2013-6417.patch of Package rubygem-actionpack-3_2.openSUSE_13.1_Update

diff --git a/actionpack/lib/action_dispatch/http/request.rb b/actionpack/lib/action_dispatch/http/request.rb
index 3115573..0f92b82 100644
--- a/actionpack/lib/action_dispatch/http/request.rb
+++ b/actionpack/lib/action_dispatch/http/request.rb
@@ -228,13 +228,13 @@
 
     # Override Rack's GET method to support indifferent access
     def GET
-      @env["action_dispatch.request.query_parameters"] ||= (normalize_parameters(super) || {})
+      @env["action_dispatch.request.query_parameters"] ||= deep_munge(normalize_parameters(super) || {})
     end
     alias :query_parameters :GET
 
     # Override Rack's POST method to support indifferent access
     def POST
-      @env["action_dispatch.request.request_parameters"] ||= (normalize_parameters(super) || {})
+      @env["action_dispatch.request.request_parameters"] ||= deep_munge(normalize_parameters(super) || {})
     end
     alias :request_parameters :POST
openSUSE Build Service is sponsored by
Places