4 files changed, 27 insertions, 10 deletions
diff --git a/activesupport/lib/active_support/core_ext/object/to_query.rb b/activesupport/lib/active_support/core_ext/object/to_query.rb
index 3f1540f685..5d5fcf00e0 100644
--- a/activesupport/lib/active_support/core_ext/object/to_query.rb
+++ b/activesupport/lib/active_support/core_ext/object/to_query.rb
@@ -7,7 +7,7 @@ class Object
   # Note: This method is defined as a default implementation for all Objects for Hash#to_query to work.
   def to_query(key)
     require 'cgi' unless defined?(CGI) && defined?(CGI::escape)
-    "#{CGI.escape(key.to_s)}=#{CGI.escape(to_param.to_s)}"
+    "#{CGI.escape(key.to_param)}=#{CGI.escape(to_param.to_s)}"
   end
 end
 
diff --git a/activesupport/lib/active_support/core_ext/string/output_safety.rb b/activesupport/lib/active_support/core_ext/string/output_safety.rb
index 05b39b89bf..3ae3d64fa4 100644
--- a/activesupport/lib/active_support/core_ext/string/output_safety.rb
+++ b/activesupport/lib/active_support/core_ext/string/output_safety.rb
@@ -142,7 +142,7 @@ module ActiveSupport #:nodoc:
     end
 
     UNSAFE_STRING_METHODS.each do |unsafe_method|
-      class_eval <<-EOT, __FILE__, __LINE__
+      class_eval <<-EOT, __FILE__, __LINE__ + 1
         def #{unsafe_method}(*args, &block)       # def capitalize(*args, &block)
           to_str.#{unsafe_method}(*args, &block)  #   to_str.gsub(*args, &block)
         end                                       # end
diff --git a/activesupport/lib/active_support/message_encryptor.rb b/activesupport/lib/active_support/message_encryptor.rb
index 4f7cd12d48..e14386a85d 100644
--- a/activesupport/lib/active_support/message_encryptor.rb
+++ b/activesupport/lib/active_support/message_encryptor.rb
@@ -13,9 +13,15 @@ module ActiveSupport
     class InvalidMessage < StandardError; end
     OpenSSLCipherError = OpenSSL::Cipher.const_defined?(:CipherError) ? OpenSSL::Cipher::CipherError : OpenSSL::CipherError
 
-    def initialize(secret, cipher = 'aes-256-cbc')
+    def initialize(secret, options = {})
+      unless options.is_a?(Hash)
+        ActiveSupport::Deprecation.warn "The second parameter should be an options hash. Use :cipher => 'algorithm' to specify the cipher algorithm."
+        options = { :cipher => options }
+      end
+      
       @secret = secret
-      @cipher = cipher
+      @cipher = options[:cipher] || 'aes-256-cbc'
+      @serializer = options[:serializer] || Marshal
     end
 
     def encrypt(value)
@@ -27,7 +33,7 @@ module ActiveSupport
       cipher.key = @secret
       cipher.iv  = iv
 
-      encrypted_data = cipher.update(Marshal.dump(value))
+      encrypted_data = cipher.update(@serializer.dump(value))
       encrypted_data << cipher.final
 
       [encrypted_data, iv].map {|v| ActiveSupport::Base64.encode64s(v)}.join("--")
@@ -44,7 +50,7 @@ module ActiveSupport
       decrypted_data = cipher.update(encrypted_data)
       decrypted_data << cipher.final
 
-      Marshal.load(decrypted_data)
+      @serializer.load(decrypted_data)
     rescue OpenSSLCipherError, TypeError
       raise InvalidMessage
     end
diff --git a/activesupport/lib/active_support/message_verifier.rb b/activesupport/lib/active_support/message_verifier.rb
index 8f3946325a..9d7c81142a 100644
--- a/activesupport/lib/active_support/message_verifier.rb
+++ b/activesupport/lib/active_support/message_verifier.rb
@@ -18,12 +18,23 @@ module ActiveSupport
   #     self.current_user = User.find(id)
   #   end
   #
+  # By default it uses Marshal to serialize the message. If you want to use another 
+  # serialization method, you can set the serializer attribute to something that responds
+  # to dump and load, e.g.:
+  #
+  #   @verifier.serializer = YAML
   class MessageVerifier
     class InvalidSignature < StandardError; end
 
-    def initialize(secret, digest = 'SHA1')
+    def initialize(secret, options = {})
+      unless options.is_a?(Hash)
+        ActiveSupport::Deprecation.warn "The second parameter should be an options hash. Use :digest => 'algorithm' to specify the digest algorithm."
+        options = { :digest => options }
+      end
+
       @secret = secret
-      @digest = digest
+      @digest = options[:digest] || 'SHA1'
+      @serializer = options[:serializer] || Marshal
     end
 
     def verify(signed_message)
@@ -31,14 +42,14 @@ module ActiveSupport
 
       data, digest = signed_message.split("--")
       if data.present? && digest.present? && secure_compare(digest, generate_digest(data))
-        Marshal.load(ActiveSupport::Base64.decode64(data))
+        @serializer.load(ActiveSupport::Base64.decode64(data))
       else
         raise InvalidSignature
       end
     end
 
     def generate(value)
-      data = ActiveSupport::Base64.encode64s(Marshal.dump(value))
+      data = ActiveSupport::Base64.encode64s(@serializer.dump(value))
       "#{data}--#{generate_digest(data)}"
     end