authorGuillermo Iguaran <guilleiguaran@gmail.com>2014-10-23 11:00:30 -0300
committerGuillermo Iguaran <guilleiguaran@gmail.com>2014-10-23 14:54:17 -0300
commit0073d274de5bf3894f6da27f798238908eed43b5 (patch)
tree41b100d6a7310f2efc0c7d5efc251436d7253461 /actionpack
parent4b11dea3917f2101d7125a967877abf19c36317a (diff)
Use AS secure_compare for CSRF token comparison
Diffstat (limited to 'actionpack')
-rw-r--r--actionpack/lib/action_controller/metal/request_forgery_protection.rb4
1 files changed, 2 insertions, 2 deletions
diff --git a/actionpack/lib/action_controller/metal/request_forgery_protection.rb b/actionpack/lib/action_controller/metal/request_forgery_protection.rb
index a4f376816f..fd20682f8f 100644
--- a/actionpack/lib/action_controller/metal/request_forgery_protection.rb
+++ b/actionpack/lib/action_controller/metal/request_forgery_protection.rb
@@ -1,5 +1,6 @@
require 'rack/session/abstract/id'
require 'action_controller/metal/exceptions'
+require 'active_support/security_utils'
module ActionController #:nodoc:
class InvalidAuthenticityToken < ActionControllerError #:nodoc:
@@ -305,8 +306,7 @@ module ActionController #:nodoc:
end
def compare_with_real_token(token, session)
- # Borrow a constant-time comparison from Rack
- Rack::Utils.secure_compare(token, real_csrf_token(session))
+ ActiveSupport::SecurityUtils.secure_compare(token, real_csrf_token(session))
end
def real_csrf_token(session)
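Review bot: The new call in `compare_with_real_token` drops the only comment saying this comparison has to be constant-time, and nothing replaces it, so a later reader could swap it for `==` without realising that reintroduces a timing side channel on the CSRF token. I would keep a one-line comment above the call, e.g. `# Constant-time comparison: a plain == would leak how many leading bytes of the token matched`. As far as I know, `ActiveSupport::SecurityUtils.secure_compare` returns early when the two lengths differ, so only the length is observable; that should be fine for a fixed-length token, but it is worth a word in the comment. Whether `token` is always a String by the time it reaches this call depends on callers outside the hunk.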