SECURITY: prefer render plain/html to render text where possible

2025-05-28 13:51:18 +08:00 · 2017-04-10 08:01:25 -04:00
parent e49f3a408e
commit 0013a23dc1
9 changed files with 17 additions and 17 deletions
--- a/app/controllers/admin/diagnostics_controller.rb
+++ b/app/controllers/admin/diagnostics_controller.rb
@ -14,7 +14,7 @@ class Admin::DiagnosticsController < Admin::AdminController

    text << "\n\nCOUNT #{statements.count}"

-    render text: text, content_type: Mime::TEXT
+    render plain: text
  end

  def memory_stats
@ -33,7 +33,7 @@ class Admin::DiagnosticsController < Admin::AdminController
      text = MemoryDiagnostics.memory_report(class_report: params.key?(:full))
    end

-    render text: text, content_type: Mime::TEXT
+    render plain: text
  end

  def dump_heap
@ -46,9 +46,9 @@ class Admin::DiagnosticsController < Admin::AdminController
      ObjectSpace.dump_all(:output => io)
      io.close

-      render text: "HEAP DUMP:\n#{io.path}", content_type: Mime::TEXT
+      render plain: "HEAP DUMP:\n#{io.path}"
    rescue
-      render text: "HEAP DUMP:\nnot supported", content_type: Mime::TEXT
+      render plain: "HEAP DUMP:\nnot supported"
    end
  end