diff options
| author | Roque Pinel <repinel@gmail.com> | 2015-06-04 17:16:02 -0500 |
|---|---|---|
| committer | Roque Pinel <repinel@gmail.com> | 2015-06-14 11:35:27 -0400 |
| commit | 4092f997f0c54564fea9ce68c2cf14d81c65ce87 (patch) | |
| tree | 07e42bc6cc77d5e14187c0d488429c0056ab5a0c /activesupport/lib/active_support/message_verifier.rb | |
| parent | 70902cfbdd84be20e1862e5b32f2c378e00570e1 (diff) | |
| download | rails-4092f997f0c54564fea9ce68c2cf14d81c65ce87.tar.gz rails-4092f997f0c54564fea9ce68c2cf14d81c65ce87.tar.bz2 rails-4092f997f0c54564fea9ce68c2cf14d81c65ce87.zip | |
Fix the message verifier encoding issue
```ruby
verifier = ActiveSupport::MessageVerifier.new('secret')
verifier.verify("\xff") # => ArgumentError: invalid byte sequence in UTF-8
```
Diffstat (limited to 'activesupport/lib/active_support/message_verifier.rb')
| -rw-r--r-- | activesupport/lib/active_support/message_verifier.rb | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/activesupport/lib/active_support/message_verifier.rb b/activesupport/lib/active_support/message_verifier.rb index eee9bbaead..b2a4404968 100644 --- a/activesupport/lib/active_support/message_verifier.rb +++ b/activesupport/lib/active_support/message_verifier.rb @@ -44,7 +44,7 @@ module ActiveSupport # tampered_message = signed_message.chop # editing the message invalidates the signature # verifier.valid_message?(tampered_message) # => false def valid_message?(signed_message) - return if signed_message.blank? + return if signed_message.nil? || !signed_message.valid_encoding? || signed_message.blank? data, digest = signed_message.split("--") data.present? && digest.present? && ActiveSupport::SecurityUtils.secure_compare(digest, generate_digest(data)) |