
Dup the arguments to string compare so we can use force_encoding.

commit e590508a9b7ab5cf99d7a7675a92a1257cb9f6f8 1 parent 81cba78
Michael Koziarski authored September 13, 2009
4  activesupport/lib/active_support/message_verifier.rb
@@ -41,8 +41,8 @@ def generate(value)
41 41
       if "foo".respond_to?(:force_encoding)
42 42
         # constant-time comparison algorithm to prevent timing attacks
43 43
         def secure_compare(a, b)
44  
-          a = a.force_encoding(Encoding::BINARY)
45  
-          b = b.force_encoding(Encoding::BINARY)
  44
+          a = a.dup.force_encoding(Encoding::BINARY)
  45
+          b = b.dup.force_encoding(Encoding::BINARY)
46 46
 
47 47
           if a.length == b.length
48 48
             result = 0
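
Review bot: the two added `.dup` calls in `secure_compare` have no comment explaining why the copy is needed, so a later cleanup could easily drop them again. `force_encoding` changes the receiver in place, which means the old lines retagged the caller's own strings as binary and would raise on a frozen argument; a one-line comment above `a = a.dup.force_encoding(Encoding::BINARY)` stating that the arguments must not be mutated would record this. A test that passes a frozen string and checks that the caller's encoding is unchanged after the call would pin the behaviour. Separately, the context line `if a.length == b.length` means only equal-length inputs go through the constant-time path, which is worth stating in the method comment so callers know the length itself is not hidden.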

3 notes on commit e590508

Kuba Kuźma

Is it a joke?

Kuba Kuźma

If you want to solve every encoding problem in this way, consider using my "force_encoding" gem http://github.com/qoobaa/force_encoding - you can think about merging the gem into ActiveSupport as well ;-).

Peace guys.

Michael Koziarski
Owner

No, the CI server broke with your original patch despite it working here for me on the same version.

Given how ... inconsequential this method is, it's easier to go with the simple fix which works and just park the whole discussion :)
