Prevent serialized hash from being used as options

author: Milo Winningham <milo@winningham.net> 2019-06-22 00:09:44 -0700
committer: Milo Winningham <milo@winningham.net> 2019-06-22 12:43:11 -0700
commit: 27db230bd105e77e27375033ddcb487ef481686b (patch)
tree: 6efcf41bad05afbae37ad37788e9175b3402e56b
parent: 36b25aa1c4863cc70c74fd783fb54ba44a3a128e (diff)
download: rails-27db230bd105e77e27375033ddcb487ef481686b.tar.gz
rails-27db230bd105e77e27375033ddcb487ef481686b.tar.bz2
rails-27db230bd105e77e27375033ddcb487ef481686b.zip
1 files changed, 6 insertions, 2 deletions
diff --git a/actionpack/lib/action_dispatch/middleware/cookies.rb b/actionpack/lib/action_dispatch/middleware/cookies.rb
index 642f155085..1f3bf7fca6 100644
--- a/actionpack/lib/action_dispatch/middleware/cookies.rb
+++ b/actionpack/lib/action_dispatch/middleware/cookies.rb
@@ -532,9 +532,13 @@ module ActionDispatch
           if value
             case
             when needs_migration?(value)
-              self[name] = Marshal.load(value)
+              Marshal.load(value).tap do |v|
+                self[name] = { value: v }
+              end
             when rotate
-              self[name] = serializer.load(value)
+              serializer.load(value).tap do |v|
+                self[name] = { value: v }
+              end
             else
               serializer.load(value)
             end
author	Milo Winningham <milo@winningham.net>	2019-06-22 00:09:44 -0700
committer	Milo Winningham <milo@winningham.net>	2019-06-22 12:43:11 -0700
commit	27db230bd105e77e27375033ddcb487ef481686b (patch)
tree	6efcf41bad05afbae37ad37788e9175b3402e56b
parent	36b25aa1c4863cc70c74fd783fb54ba44a3a128e (diff)
download	rails-27db230bd105e77e27375033ddcb487ef481686b.tar.gz rails-27db230bd105e77e27375033ddcb487ef481686b.tar.bz2 rails-27db230bd105e77e27375033ddcb487ef481686b.zip