aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack
diff options
context:
space:
mode:
authorAgis- <corestudiosinc@gmail.com>2014-07-11 13:24:49 +0300
committerAgis- <corestudiosinc@gmail.com>2014-07-11 13:24:49 +0300
commite67f001e7c1b3d24750e9dd81006d2ad84bbf50e (patch)
treec6e9c451bed31e853a8b21d2c9ff16754df78c2c /actionpack
parent00aae7cb38a9d7029b1530bcf21a89ead80130a4 (diff)
downloadrails-e67f001e7c1b3d24750e9dd81006d2ad84bbf50e.tar.gz
rails-e67f001e7c1b3d24750e9dd81006d2ad84bbf50e.tar.bz2
rails-e67f001e7c1b3d24750e9dd81006d2ad84bbf50e.zip
Use `#bytesize` instead of `#size` when checking for cookie overflow
Although the cookie values happens to be ASCII strings because they are Base64 encoded, it is semantically incorrect to check for the number of the characters in the cookie, when we actually want to check for the number of the bytes it consists of. Furthermore it is unecessary coupling with the current implementation that uses Base64 for encoding the values.
Diffstat (limited to 'actionpack')
-rw-r--r--actionpack/CHANGELOG.md5
-rw-r--r--actionpack/lib/action_dispatch/middleware/cookies.rb4
2 files changed, 7 insertions, 2 deletions
diff --git a/actionpack/CHANGELOG.md b/actionpack/CHANGELOG.md
index fd58f00e83..d63e5c4d6e 100644
--- a/actionpack/CHANGELOG.md
+++ b/actionpack/CHANGELOG.md
@@ -1,3 +1,8 @@
+* Use `String#bytesize` instead of `String#size` when checking for cookie
+ overflow.
+
+ *Agis Anastasopoulos*
+
* `render nothing: true` or rendering a `nil` body no longer add a single
space to the response body.
diff --git a/actionpack/lib/action_dispatch/middleware/cookies.rb b/actionpack/lib/action_dispatch/middleware/cookies.rb
index e069840b8e..ac9e5effe2 100644
--- a/actionpack/lib/action_dispatch/middleware/cookies.rb
+++ b/actionpack/lib/action_dispatch/middleware/cookies.rb
@@ -468,7 +468,7 @@ module ActionDispatch
options = { :value => @verifier.generate(serialize(name, options)) }
end
- raise CookieOverflow if options[:value].size > MAX_COOKIE_SIZE
+ raise CookieOverflow if options[:value].bytesize > MAX_COOKIE_SIZE
@parent_jar[name] = options
end
@@ -526,7 +526,7 @@ module ActionDispatch
options[:value] = @encryptor.encrypt_and_sign(serialize(name, options[:value]))
- raise CookieOverflow if options[:value].size > MAX_COOKIE_SIZE
+ raise CookieOverflow if options[:value].bytesize > MAX_COOKIE_SIZE
@parent_jar[name] = options
end