aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/lib/action_controller/metal/request_forgery_protection.rb
diff options
context:
space:
mode:
authorRafael Mendonça França <rafaelmfranca@gmail.com>2017-11-25 11:39:37 -0500
committerRafael Mendonça França <rafaelmfranca@gmail.com>2017-11-25 11:39:37 -0500
commit0623b5d19408ef3093bef3597bfcb12cf70a08a3 (patch)
tree9027e49a5e270a5fe61088f3d38adb05854c88ed /actionpack/lib/action_controller/metal/request_forgery_protection.rb
parent8c750ffb92a8e5ee5661875c52dbc1a7686fb1bc (diff)
parentfa487763d98ccf9c3e66fdb44f09af5c37a50fe5 (diff)
downloadrails-0623b5d19408ef3093bef3597bfcb12cf70a08a3.tar.gz
rails-0623b5d19408ef3093bef3597bfcb12cf70a08a3.tar.bz2
rails-0623b5d19408ef3093bef3597bfcb12cf70a08a3.zip
Merge pull request #24510 from vipulnsward/make-variable_size_secure_compare-public
Make variable_size_secure_compare public
Diffstat (limited to 'actionpack/lib/action_controller/metal/request_forgery_protection.rb')
-rw-r--r--actionpack/lib/action_controller/metal/request_forgery_protection.rb4
1 files changed, 2 insertions, 2 deletions
diff --git a/actionpack/lib/action_controller/metal/request_forgery_protection.rb b/actionpack/lib/action_controller/metal/request_forgery_protection.rb
index 906494ba16..04fadc90e2 100644
--- a/actionpack/lib/action_controller/metal/request_forgery_protection.rb
+++ b/actionpack/lib/action_controller/metal/request_forgery_protection.rb
@@ -369,7 +369,7 @@ module ActionController #:nodoc:
end
def compare_with_real_token(token, session) # :doc:
- ActiveSupport::SecurityUtils.secure_compare(token, real_csrf_token(session))
+ ActiveSupport::SecurityUtils.fixed_length_secure_compare(token, real_csrf_token(session))
end
def valid_per_form_csrf_token?(token, session) # :doc:
@@ -380,7 +380,7 @@ module ActionController #:nodoc:
request.request_method
)
- ActiveSupport::SecurityUtils.secure_compare(token, correct_token)
+ ActiveSupport::SecurityUtils.fixed_length_secure_compare(token, correct_token)
else
false
end