Dup the arguments to string compare so we can use force_encoding.

commit e590508a9b7ab5cf99d7a7675a92a1257cb9f6f8 1 parent 81cba78
@NZKoz NZKoz authored
Showing with 2 additions and 2 deletions.
  1. +2 −2 activesupport/lib/active_support/message_verifier.rb
4 activesupport/lib/active_support/message_verifier.rb
@@ -41,8 +41,8 @@ def generate(value)
if "foo".respond_to?(:force_encoding)
# constant-time comparison algorithm to prevent timing attacks
def secure_compare(a, b)
- a = a.force_encoding(Encoding::BINARY)
- b = b.force_encoding(Encoding::BINARY)
+ a = a.dup.force_encoding(Encoding::BINARY)
+ b = b.dup.force_encoding(Encoding::BINARY)
if a.length == b.length
result = 0
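Review bot: the two `.dup` calls at the top of secure_compare carry no comment saying why the copy is needed, and the commit touches only message_verifier.rb, so nothing pins the behaviour with a test. force_encoding changes its receiver in place, so without the copy the caller's strings are re-tagged as binary and a frozen argument raises. A one-line comment above `a = a.dup.force_encoding(Encoding::BINARY)` stating that, plus a test that passes frozen strings and checks that the arguments' encodings are unchanged after the call, would keep a later cleanup from dropping the dup.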

3 comments on commit e590508

@qoobaa

Is it a joke?

@qoobaa

If you want to solve every encoding problem in this way, consider using my "force_encoding" gem http://github.com/qoobaa/force_encoding - you can think about merging the gem into ActiveSupport as well ;-).

Peace guys.

@NZKoz
Owner

No, the CI server broke with your original patch despite it working here for me on the same version.

Given how ... inconsequential this method is, it's easier to go with the simple fix which works and just park the whole discussion :)
