Diffstat (limited to 'activesupport')
-rw-r--r-- | activesupport/lib/active_support/dependencies.rb | 20 | ||||
-rw-r--r-- | activesupport/lib/active_support/message_encryptor.rb | 6 | ||||
-rw-r--r-- | activesupport/lib/active_support/message_verifier.rb | 6 | ||||
-rw-r--r-- | activesupport/test/dependencies_test.rb | 26 | ||||
-rw-r--r-- | activesupport/test/message_encryptor_test.rb | 13 |
5 files changed, 42 insertions, 29 deletions
diff --git a/activesupport/lib/active_support/dependencies.rb b/activesupport/lib/active_support/dependencies.rb index 19d4ff51d7..6be19771f5 100644 --- a/activesupport/lib/active_support/dependencies.rb +++ b/activesupport/lib/active_support/dependencies.rb @@ -176,14 +176,22 @@ module ActiveSupport #:nodoc: end def const_missing(const_name) - # The interpreter does not pass nesting information, and in the - # case of anonymous modules we cannot even make the trade-off of - # assuming their name reflects the nesting. Resort to Object as - # the only meaningful guess we can make. - from_mod = anonymous? ? ::Object : self + from_mod = anonymous? ? guess_for_anonymous(const_name) : self Dependencies.load_missing_constant(from_mod, const_name) end + # Dependencies assumes the name of the module reflects the nesting (unless + # it can be proven that is not the case), and the path to the file that + # defines the constant. Anonymous modules cannot follow these conventions + # and we assume therefore the user wants to refer to a top-level constant. + def guess_for_anonymous(const_name) + if Object.const_defined?(const_name) + raise NameError, "#{const_name} cannot be autoloaded from an anonymous class or module" + else + Object + end + end + def unloadable(const_desc = self) super(const_desc) end @@ -456,8 +464,6 @@ module ActiveSupport #:nodoc: raise ArgumentError, "A copy of #{from_mod} has been removed from the module tree but is still active!" end - raise NameError, "#{from_mod} is not missing constant #{const_name}!" if from_mod.const_defined?(const_name, false) - qualified_name = qualified_name_for from_mod, const_name path_suffix = qualified_name.underscore diff --git a/activesupport/lib/active_support/message_encryptor.rb b/activesupport/lib/active_support/message_encryptor.rb index bffdfc6201..7773611e11 100644 --- a/activesupport/lib/active_support/message_encryptor.rb +++ b/activesupport/lib/active_support/message_encryptor.rb 
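Review bot: `guess_for_anonymous` is added as a public method next to `const_missing`, and since this module appears to be the one mixed into every Module (inferred from `const_missing` living here), the helper becomes callable on every class and module rather than staying an autoloader detail; `private :guess_for_anonymous` after the definition, or placing it in the file's existing private section if one exists, keeps the surface as it was. The error it raises also drops the constant name: `raise NameError, "..."` leaves `NameError#name` nil, whereas `raise NameError.new("#{const_name} cannot be autoloaded from an anonymous class or module", const_name)` lets a caller rescuing the error inspect `e.name` the way Ruby's own missing-constant errors allow. The YARD-style comment above the method explains the convention but not the outcome; a final sentence such as `# Returns Object, or raises NameError if Object already defines const_name.` would state the contract directly.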
@@ -76,12 +76,12 @@ module ActiveSupport encrypted_data = cipher.update(@serializer.dump(value)) encrypted_data << cipher.final - [encrypted_data, iv].map {|v| ::Base64.strict_encode64(v)}.join("--") + "#{::Base64.strict_encode64 encrypted_data}--#{::Base64.strict_encode64 iv}" end def _decrypt(encrypted_message) cipher = new_cipher - encrypted_data, iv = encrypted_message.split("--").map {|v| ::Base64.decode64(v)} + encrypted_data, iv = encrypted_message.split("--").map {|v| ::Base64.strict_decode64(v)} cipher.decrypt cipher.key = @secret @@ -91,7 +91,7 @@ module ActiveSupport decrypted_data << cipher.final @serializer.load(decrypted_data) - rescue OpenSSLCipherError, TypeError + rescue OpenSSLCipherError, TypeError, ArgumentError raise InvalidMessage end diff --git a/activesupport/lib/active_support/message_verifier.rb b/activesupport/lib/active_support/message_verifier.rb index e0cd92ae3c..a35d5980fe 100644 --- a/activesupport/lib/active_support/message_verifier.rb +++ b/activesupport/lib/active_support/message_verifier.rb @@ -37,7 +37,11 @@ module ActiveSupport data, digest = signed_message.split("--") if data.present? && digest.present? && secure_compare(digest, generate_digest(data)) - @serializer.load(::Base64.decode64(data)) + begin + @serializer.load(::Base64.strict_decode64(data)) + rescue ArgumentError + raise InvalidSignature + end else raise InvalidSignature end diff --git a/activesupport/test/dependencies_test.rb b/activesupport/test/dependencies_test.rb index 2392b71960..e56bab6d4c 100644 --- a/activesupport/test/dependencies_test.rb +++ b/activesupport/test/dependencies_test.rb 
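Review bot: `_decrypt` still destructures `encrypted_message.split("--")` with no arity check, so a message that is not exactly two `--`-separated parts is never rejected as malformed on its own terms: with a single part `iv` is nil and the failure presumably only surfaces later as the TypeError from `cipher.iv =` that the rescue list already absorbs, and with three or more parts the trailing segments are silently ignored. An explicit shape check reads as a deliberate validation rather than an incidental rescue: `parts = encrypted_message.split("--")`, `raise InvalidMessage unless parts.size == 2`, then `encrypted_data, iv = parts.map {|v| ::Base64.strict_decode64(v)}`. `_decrypt` continues past this hunk into the one at @@ -91, where the broadened `rescue` now also catches the ArgumentError from the strict decode.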
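Review bot: The new `begin`/`rescue ArgumentError` in `verify` wraps `@serializer.load` as well as the Base64 decode, so a payload that carries a valid digest but fails to deserialize (Marshal, for example, raises ArgumentError on short input) is reported as `InvalidSignature`, which misattributes a server-side serialization problem to a forged or tampered message and hides it from whoever debugs it. Narrowing the rescue to the decode keeps the intended behaviour for non-strict Base64 while letting serializer errors propagate as before the change; the rewrite below shows the `if` branch only, and the enclosing `verify` method starts and ends outside this hunk.
```ruby
if data.present? && digest.present? && secure_compare(digest, generate_digest(data))
  decoded = begin
    ::Base64.strict_decode64(data)
  rescue ArgumentError
    raise InvalidSignature
  end
  @serializer.load(decoded)
else
  raise InvalidSignature
end
```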
@@ -530,29 +530,21 @@ class DependenciesTest < ActiveSupport::TestCase end end - def test_const_missing_should_not_double_load - $counting_loaded_times = 0 + def test_const_missing_in_anonymous_modules_loads_top_level_constants with_autoloading_fixtures do - require_dependency '././counting_loader' - assert_equal 1, $counting_loaded_times - assert_raise(NameError) { ActiveSupport::Dependencies.load_missing_constant Object, :CountingLoader } - assert_equal 1, $counting_loaded_times + # class_eval STRING pushes the class to the nesting of the eval'ed code. + klass = Class.new.class_eval "E" + assert_equal E, klass end end - def test_const_missing_within_anonymous_module - $counting_loaded_times = 0 - m = Module.new - m.module_eval "def a() CountingLoader; end" - extend m + def test_const_missing_in_anonymous_modules_raises_if_the_constant_belongs_to_Object with_autoloading_fixtures do - kls = nil - assert_nothing_raised { kls = a } - assert_equal "CountingLoader", kls.name - assert_equal 1, $counting_loaded_times + require_dependency 'e' - assert_nothing_raised { kls = a } - assert_equal 1, $counting_loaded_times + mod = Module.new + msg = 'E cannot be autoloaded from an anonymous class or module' + assert_raise(NameError, msg) { mod::E } end end diff --git a/activesupport/test/message_encryptor_test.rb b/activesupport/test/message_encryptor_test.rb index 203156baa1..b6c0a08b05 100644 --- a/activesupport/test/message_encryptor_test.rb +++ b/activesupport/test/message_encryptor_test.rb 
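Review bot: In `test_const_missing_in_anonymous_modules_raises_if_the_constant_belongs_to_Object` the second argument to `assert_raise` is the failure message printed when nothing is raised, not a match against the exception's text, so `msg` is never compared with what `guess_for_anonymous` actually says and a NameError with any wording passes. Capture the error and assert on it instead: `e = assert_raise(NameError) { mod::E }` followed by `assert_equal msg, e.message`. Both rewritten tests depend on an autoloadable `E` fixture under `with_autoloading_fixtures`; a one-line comment naming that fixture file where it is first used would spare the next reader a search.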
@@ -66,6 +66,17 @@ class MessageEncryptorTest < ActiveSupport::TestCase ActiveSupport.use_standard_json_time_format = prev end + def test_message_obeys_strict_encoding + bad_encoding_characters = "\n!@#" + message, iv = @encryptor.encrypt_and_sign("This is a very \n\nhumble string"+bad_encoding_characters) + + assert_not_decrypted("#{::Base64.encode64 message.to_s}--#{::Base64.encode64 iv.to_s}") + assert_not_verified("#{::Base64.encode64 message.to_s}--#{::Base64.encode64 iv.to_s}") + + assert_not_decrypted([iv, message] * bad_encoding_characters) + assert_not_verified([iv, message] * bad_encoding_characters) + end + private def assert_not_decrypted(value) @@ -81,7 +92,7 @@ class MessageEncryptorTest < ActiveSupport::TestCase end def munge(base64_string) - bits = ::Base64.decode64(base64_string) + bits = ::Base64.strict_decode64(base64_string) bits.reverse! ::Base64.strict_encode64(bits) end |
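Review bot: `message, iv = @encryptor.encrypt_and_sign(...)` destructures what the `_encrypt` change in this same commit suggests is a single `data--iv` string, so `iv` is presumably nil and the `.to_s` calls only hide that; the first two assertions then submit `"<encode64(whole message)>--"`, and the `assert_not_verified` pair is rejected for its empty digest, not for lenient Base64, so the test name overstates what the verifier path checks. Binding the return value to one variable and dropping the `.to_s` makes a nil fail loudly and keeps the input shaped like a real message: `signed = @encryptor.encrypt_and_sign("This is a very \n\nhumble string" + bad_encoding_characters)` with `assert_not_decrypted(::Base64.encode64(signed))` and `assert_not_verified(::Base64.encode64(signed))`. Whether the `assert_not_decrypted` path reaches `strict_decode64` depends on the helper, whose body lies outside this hunk.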