Merge branch 'master' of github.com:rails/rails

author: Vijay Dev <vijaydev.cse@gmail.com> 2013-03-30 15:47:38 +0530
committer: Vijay Dev <vijaydev.cse@gmail.com> 2013-03-30 15:47:38 +0530
commit: e63086c135bf17a43e0807ecdef3e54b22048152 (patch)
tree: 89f51923c9ea02d49f4ea97e8ec3dc0f5e3c5119 /actionpack/lib/action_controller/metal/http_authentication.rb
parent: 06e22c01e86e47ebe0835e4c6ec351175cf91b96 (diff)
parent: 6d8c070821bc846eb263b8c045ae652ebd751569 (diff)
download: rails-e63086c135bf17a43e0807ecdef3e54b22048152.tar.gz
rails-e63086c135bf17a43e0807ecdef3e54b22048152.tar.bz2
rails-e63086c135bf17a43e0807ecdef3e54b22048152.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/actionpack/lib/action_controller/metal/http_authentication.rb b/actionpack/lib/action_controller/metal/http_authentication.rb
index e295002b16..c7bb2dd147 100644
--- a/actionpack/lib/action_controller/metal/http_authentication.rb
+++ b/actionpack/lib/action_controller/metal/http_authentication.rb
@@ -299,6 +299,7 @@ module ActionController
       # allow a user to use new nonce without prompting user again for their
       # username and password.
       def validate_nonce(secret_key, request, value, seconds_to_timeout=5*60)
+        return false if value.nil?
         t = ::Base64.decode64(value).split(":").first.to_i
         nonce(secret_key, t) == value && (t - Time.now.to_i).abs <= seconds_to_timeout
       end
author	Vijay Dev <vijaydev.cse@gmail.com>	2013-03-30 15:47:38 +0530
committer	Vijay Dev <vijaydev.cse@gmail.com>	2013-03-30 15:47:38 +0530
commit	e63086c135bf17a43e0807ecdef3e54b22048152 (patch)
tree	89f51923c9ea02d49f4ea97e8ec3dc0f5e3c5119 /actionpack/lib/action_controller/metal/http_authentication.rb
parent	06e22c01e86e47ebe0835e4c6ec351175cf91b96 (diff)
parent	6d8c070821bc846eb263b8c045ae652ebd751569 (diff)
download	rails-e63086c135bf17a43e0807ecdef3e54b22048152.tar.gz rails-e63086c135bf17a43e0807ecdef3e54b22048152.tar.bz2 rails-e63086c135bf17a43e0807ecdef3e54b22048152.zip