author | Eric Wong <normalperson@yhbt.net> | 2009-11-11 19:27:54 -0800 |
---|---|---|
committer | Eric Wong <normalperson@yhbt.net> | 2009-11-11 19:27:54 -0800 |
commit | cb90269157aeda3655b1a12ea7be4666c98a5e2c (patch) | |
tree | 3384015b2f70cccea8668acedf9f6bb5e5fe37b6 /examples/rails_app-2.3.4/config | |
parent | 82190a59a79a39fe8ac66073532878506bdc7a35 (diff) | |
download | upr-cb90269157aeda3655b1a12ea7be4666c98a5e2c.tar.gz |
examples/rails_app-2.3.4: fix session verifier 1.9
Rails 2.3.4 screwed up cookie sessions under Ruby 1.9 ref: https://rails.lighthouseapp.com/projects/8994/tickets/3144
Diffstat (limited to 'examples/rails_app-2.3.4/config')
-rw-r--r-- | examples/rails_app-2.3.4/config/initializers/ruby_19_compat.rb | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/examples/rails_app-2.3.4/config/initializers/ruby_19_compat.rb b/examples/rails_app-2.3.4/config/initializers/ruby_19_compat.rb
new file mode 100644
index 0000000..82987f4
--- /dev/null
+++ b/examples/rails_app-2.3.4/config/initializers/ruby_19_compat.rb
@@ -0,0 +1,40 @@
+# Rails 2.3.4 screwed up cookie sessions under 1.9
+# ref: https://rails.lighthouseapp.com/projects/8994/tickets/3144
+
+module ActiveSupport
+
+ class MessageVerifier
+
+ private
+
+ undef_method :secure_compare
+ warn "overriding secure_compare to be Ruby 1.9-friendly"
+
+ # constant-time comparison algorithm to prevent timing attacks
+ def secure_compare(a, b)
+ if a.respond_to?(:bytesize)
+ # > 1.8.6 friendly version
+ if a.bytesize == b.bytesize
+ result = 0
+ j = b.each_byte
+ a.each_byte { |i| result |= i ^ j.next }
+ result == 0
+ else
+ false
+ end
+ else
+ # <= 1.8.6 friendly version
+ if a.size == b.size
+ result = 0
+ for i in 0..(a.length - 1)
+ result |= a[i] ^ b[i]
+ end
+ result == 0
+ else
+ false
+ end
+ end
+ end
+
+ end
+end if Rails::VERSION::STRING == "2.3.4" && String.method_defined?(:bytesize) |
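Review bot: The `<= 1.8.6` fallback inside `secure_compare` cannot be reached with String operands, because the trailing `if ... && String.method_defined?(:bytesize)` guard only loads this override where `String#bytesize` exists. The only inputs that still take that branch are non-String values of `a` (for example `nil`, if a caller ever passes a missing digest; the caller is not visible here), and there `a.size` raises instead of returning false. I would drop the fallback and fail closed at the top of the method with `return false unless a.is_a?(String) && b.is_a?(String) && a.bytesize == b.bytesize`, keeping the `each_byte` XOR loop as it is. A short comment such as `# length check exits early; fine only because both operands are fixed-length digests` would also make the constant-time claim precise for the next reader.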