
Dup the arguments to string compare so we can use force_encoding.

commit e590508a9b7ab5cf99d7a7675a92a1257cb9f6f8 1 parent 81cba78
@NZKoz NZKoz authored
Showing with 2 additions and 2 deletions.
  1. +2 −2 activesupport/lib/active_support/message_verifier.rb
4 activesupport/lib/active_support/message_verifier.rb
@@ -41,8 +41,8 @@ def generate(value)
if "foo".respond_to?(:force_encoding)
# constant-time comparison algorithm to prevent timing attacks
def secure_compare(a, b)
- a = a.force_encoding(Encoding::BINARY)
- b = b.force_encoding(Encoding::BINARY)
+ a = a.dup.force_encoding(Encoding::BINARY)
+ b = b.dup.force_encoding(Encoding::BINARY)
if a.length == b.length
result = 0
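Review bot: the two `.dup` calls added at the top of `secure_compare` carry no comment saying why the copy is needed, so a later cleanup could drop them as redundant. `force_encoding` changes its receiver in place, so the removed lines re-tagged the caller's own strings as binary as a side effect of a comparison; a one-line comment above the assignments, for example `# dup first: force_encoding mutates its receiver`, would record that. The `a.length == b.length` guard that follows then counts bytes on the copies and leaves the arguments untouched.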

3 comments on commit e590508


Is it a joke?


If you want to solve every encoding problem in this way, consider using my "force_encoding" gem - you can think about merging the gem into ActiveSupport as well ;-).

Peace guys.


No, the CI server broke with your original patch despite it working here for me on the same version.

Given how ... inconsequential this method is, it's easier to go with the simple fix which works and just park the whole discussion :)
