From 27db230bd105e77e27375033ddcb487ef481686b Mon Sep 17 00:00:00 2001
From: Milo Winningham
Date: Sat, 22 Jun 2019 00:09:44 -0700
Subject: Prevent serialized hash from being used as options
---
 actionpack/lib/action_dispatch/middleware/cookies.rb | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/actionpack/lib/action_dispatch/middleware/cookies.rb b/actionpack/lib/action_dispatch/middleware/cookies.rb
index 642f155085..1f3bf7fca6 100644
--- a/actionpack/lib/action_dispatch/middleware/cookies.rb
+++ b/actionpack/lib/action_dispatch/middleware/cookies.rb
@@ -532,9 +532,13 @@ module ActionDispatch
 if value
 case
 when needs_migration?(value)
- self[name] = Marshal.load(value)
+ Marshal.load(value).tap do |v|
+ self[name] = { value: v }
+ end
 when rotate
- self[name] = serializer.load(value)
+ serializer.load(value).tap do |v|
+ self[name] = { value: v }
+ end
 else
 serializer.load(value)
 end
-- 
cgit v1.2.3
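Review bot: Neither rewrite branch records why the value is wrapped, so a later cleanup could collapse `self[name] = { value: v }` back to `self[name] = v` and again let a deserialized Hash be read as the cookie's options, which is the problem the commit subject describes. A comment above the first `tap`, such as `# Wrap in { value: } so a Hash payload is stored as the cookie value, never interpreted as cookie options.`, would pin the intent for both branches. The diffstat lists only cookies.rb, so a regression test that sends a Hash-valued cookie through both the migration and the rotate branch appears to be missing from this commit. Separately, `Marshal.load(value)` is acceptable only if `value` has already been signature-verified or decrypted before it reaches this `case`; that step is outside the hunk, as are the start and end of the enclosing method, so it is worth confirming and stating in the same comment.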