mirror of https://github.com/rails/rails.git synced 2022-11-09 12:12:34 -05:00

Ensure MessageVerifier raises appropriate exception on tampered data

Pratik Naik 2009-10-09 02:26:08 +01:00
parent 992c2db76c
commit 69aa5e8a86
2 changed files with 2 additions and 1 deletions


@ -29,7 +29,7 @@ module ActiveSupport
raise InvalidSignature if signed_message.blank?
data, digest = signed_message.split("--")
if secure_compare(digest, generate_digest(data))
if data.present? && digest.present? && secure_compare(digest, generate_digest(data))
Marshal.load(ActiveSupport::Base64.decode64(data))
else
raise InvalidSignature
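Review bot: The rewritten condition in `verify` still accepts a message that carries extra `--` segments, because `signed_message.split("--")` keeps only the first two parts and silently drops the rest, so `"#{data}--#{digest}--anything"` verifies the same as the original token. Limiting the split, `data, digest = signed_message.split("--", 2)`, folds any trailing text into `digest` and makes the comparison fail. A comment above the `if` would also help, for example `# Verify the digest before Marshal.load: unmarshalling unauthenticated bytes can instantiate arbitrary objects`, since the safety of the `Marshal.load` line rests entirely on this check and on the secret staying private. The body of `verify` starts and ends outside this hunk.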


@ -27,6 +27,7 @@ class MessageVerifierTest < Test::Unit::TestCase
data, hash = @verifier.generate(@data).split("--")
assert_not_verified("#{data.reverse}--#{hash}")
assert_not_verified("#{data}--#{hash.reverse}")
assert_not_verified("purejunk")
end
def assert_not_verified(message)
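Review bot: The added `assert_not_verified("purejunk")` exercises only the missing-digest input, so the `data.present?` half of the new guard is not covered by any case visible here. Adding `assert_not_verified("--#{hash}")` would pin the empty-data path, so that a later rewrite of the condition cannot regress to an error other than `InvalidSignature`. The enclosing test method starts above the hunk and `assert_not_verified` continues below it.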