author | Michael Koziarski <michael@koziarski.com> | 2009-09-13 10:36:04 +1200 |
---|---|---|
committer | Michael Koziarski <michael@koziarski.com> | 2009-09-13 10:36:04 +1200 |
commit | e590508a9b7ab5cf99d7a7675a92a1257cb9f6f8 (patch) | |
tree | d2fd9a6c9bc991ed1c14a75d6a7c2f4eb4ff3144 | |
parent | 81cba78e9eec5c5f36c575b14b3fa20cec383f15 (diff) | |
Dup the arguments to string compare so we can use force_encoding.
-rw-r--r-- | activesupport/lib/active_support/message_verifier.rb | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/activesupport/lib/active_support/message_verifier.rb b/activesupport/lib/active_support/message_verifier.rb
index 8d14423d91..3e72100bd9 100644
--- a/activesupport/lib/active_support/message_verifier.rb
+++ b/activesupport/lib/active_support/message_verifier.rb
@@ -41,8 +41,8 @@ module ActiveSupport
 if "foo".respond_to?(:force_encoding)
 # constant-time comparison algorithm to prevent timing attacks
 def secure_compare(a, b)
- a = a.force_encoding(Encoding::BINARY)
- b = b.force_encoding(Encoding::BINARY)
+ a = a.dup.force_encoding(Encoding::BINARY)
+ b = b.dup.force_encoding(Encoding::BINARY)
 if a.length == b.length
 result = 0 |
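Review bot: The two `.dup` calls added in `secure_compare` have no comment saying why the copy is needed, so a later cleanup could remove them as redundant. `force_encoding` re-tags its receiver in place, which means that without the copy the caller's message and digest strings change encoding, and a frozen argument raises. I would add `# dup: force_encoding mutates its receiver; leave the caller's strings untouched` above the two assignments. The diffstat lists only message_verifier.rb, so a regression test asserting that strings passed to the verifier keep their original encoding would pin this behaviour down. The body of `secure_compare` continues past the end of the hunk, so the comparison loop itself is not reviewed here.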