Diffstat (limited to 'examples/rails_app-2.3.4')
-rw-r--r-- | examples/rails_app-2.3.4/config/initializers/ruby_19_compat.rb | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/examples/rails_app-2.3.4/config/initializers/ruby_19_compat.rb b/examples/rails_app-2.3.4/config/initializers/ruby_19_compat.rb
new file mode 100644
index 0000000..82987f4
--- /dev/null
+++ b/examples/rails_app-2.3.4/config/initializers/ruby_19_compat.rb
@@ -0,0 +1,40 @@
+# Rails 2.3.4 screwed up cookie sessions under 1.9
+# ref: https://rails.lighthouseapp.com/projects/8994/tickets/3144
+
+module ActiveSupport
+
+ class MessageVerifier
+
+ private
+
+ undef_method :secure_compare
+ warn "overriding secure_compare to be Ruby 1.9-friendly"
+
+ # constant-time comparison algorithm to prevent timing attacks
+ def secure_compare(a, b)
+ if a.respond_to?(:bytesize)
+ # > 1.8.6 friendly version
+ if a.bytesize == b.bytesize
+ result = 0
+ j = b.each_byte
+ a.each_byte { |i| result |= i ^ j.next }
+ result == 0
+ else
+ false
+ end
+ else
+ # <= 1.8.6 friendly version
+ if a.size == b.size
+ result = 0
+ for i in 0..(a.length - 1)
+ result |= a[i] ^ b[i]
+ end
+ result == 0
+ else
+ false
+ end
+ end
+ end
+
+ end
+end if Rails::VERSION::STRING == "2.3.4" && String.method_defined?(:bytesize) |
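Review bot: The `<= 1.8.6` branch of `secure_compare` looks unreachable for String input, because the trailing modifier only applies the patch when `String.method_defined?(:bytesize)`. The only way into that branch is a non-String `a` (for example nil, if a caller passes a missing digest, which is not visible here), and then `a.size` would raise instead of rejecting. Since this replaces the comparison behind `MessageVerifier`, a failed check is better ended with `false` than with an exception path that differs from the normal one. Consider dropping the dead branch and opening the method with `return false unless a.is_a?(String) && b.is_a?(String) && a.bytesize == b.bytesize`. A short comment saying that the early length exit is acceptable only because both digests have a fixed length would also help the next reader.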