Try only to decode strings
This approach saves us from having to rescue NoMethodError when trying to decode
parent
fb876b8a2c
commit
d0303d03a9
1 changed files with 4 additions and 2 deletions
|
@ -275,11 +275,13 @@ module ActionController #:nodoc:
|
||||||
# session token. Essentially the inverse of
|
# session token. Essentially the inverse of
|
||||||
# +masked_authenticity_token+.
|
# +masked_authenticity_token+.
|
||||||
def valid_authenticity_token?(session, encoded_masked_token)
|
def valid_authenticity_token?(session, encoded_masked_token)
|
||||||
return false if encoded_masked_token.nil? || encoded_masked_token.empty?
|
if encoded_masked_token.nil? || encoded_masked_token.empty? || !encoded_masked_token.is_a?(String)
|
||||||
|
return false
|
||||||
|
end
|
||||||
|
|
||||||
begin
|
begin
|
||||||
masked_token = Base64.strict_decode64(encoded_masked_token)
|
masked_token = Base64.strict_decode64(encoded_masked_token)
|
||||||
rescue ArgumentError, NoMethodError # encoded_masked_token is invalid Base64
|
rescue ArgumentError # encoded_masked_token is invalid Base64
|
||||||
return false
|
return false
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
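Review bot: In the new guard of `valid_authenticity_token?`, `encoded_masked_token.empty?` is still evaluated before `!encoded_masked_token.is_a?(String)`, so a non-String value that does not respond to `empty?` raises NoMethodError before the type check runs. An Integer from a JSON body would be one such value, if the callers (not visible here) let it through. That call sits outside the `begin`, and the `rescue` no longer lists NoMethodError, so the request would end in an unhandled exception instead of a clean CSRF rejection. Testing the type first closes the gap: `return false unless encoded_masked_token.is_a?(String) && !encoded_masked_token.empty?`. A regression test with a numeric token would pin the behaviour; the method body continues past the end of this hunk.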