From 1a45ec57bffeebea3e73a96edd13873d180be997 Mon Sep 17 00:00:00 2001
From: Charlie Somerville
Date: Fri, 9 May 2014 23:55:20 +1000
Subject: [PATCH] CVE-2014-0130 protection
---
 actionpack/lib/action_controller/base.rb | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/actionpack/lib/action_controller/base.rb b/actionpack/lib/action_controller/base.rb
index 4f5b6e33e0432..ab797df4a7aba 100644
--- a/actionpack/lib/action_controller/base.rb
+++ b/actionpack/lib/action_controller/base.rb
@@ -1320,7 +1320,14 @@ def default_render #:nodoc:
 render
 end
 
+ CVE_2014_0310 = Class.new(StandardError)
+
 def perform_action
+ # CVE-2014-0130 protection
+ if action_name.include? "/"
+ raise CVE_2014_0310
+ end
+
 if action_methods.include?(action_name)
 send(action_name)
 default_render unless performed?
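Review bot: The exception class is named `CVE_2014_0310` while the subject line and the comment in the hunk refer to CVE-2014-0130, so the constant transposes two digits; rename both the definition and the `raise` to `CVE_2014_0130` before the misspelled name ends up in logs and rescue handlers. The guard `action_name.include? "/"` rejects only the forward slash; `File::SEPARATOR` is the portable spelling, and on Windows `File::ALT_SEPARATOR` is also a path separator, so `if action_name.include?(File::SEPARATOR) || (File::ALT_SEPARATOR && action_name.include?(File::ALT_SEPARATOR))` covers both. Raising with no message leaves only the class name in the error page and logs; `raise CVE_2014_0130, "action name contains a path separator"` makes the rejection self-explanatory to whoever triages it. The body of perform_action continues past the end of the hunk.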