mirror of
https://github.com/rails/rails.git
Try only to decode strings
This approach saves us from having to check for NoMethodError when trying to decode
parent
fb876b8a2c
commit
d0303d03a9
1 changed files with 4 additions and 2 deletions
|
@ -275,11 +275,13 @@ module ActionController #:nodoc:
|
|||
# session token. Essentially the inverse of
|
||||
# +masked_authenticity_token+.
|
||||
def valid_authenticity_token?(session, encoded_masked_token)
|
||||
return false if encoded_masked_token.nil? || encoded_masked_token.empty?
|
||||
if encoded_masked_token.nil? || encoded_masked_token.empty? || !encoded_masked_token.is_a?(String)
|
||||
return false
|
||||
end
|
||||
|
||||
begin
|
||||
masked_token = Base64.strict_decode64(encoded_masked_token)
|
||||
rescue ArgumentError, NoMethodError # encoded_masked_token is invalid Base64
|
||||
rescue ArgumentError # encoded_masked_token is invalid Base64
|
||||
return false
|
||||
end
|
||||
|
||||
|
|
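Review bot: In the new guard of `valid_authenticity_token?`, `encoded_masked_token.empty?` is still evaluated before `is_a?(String)`, so a value that is neither nil nor a String and does not respond to `empty?` (an Integer, for instance) would raise NoMethodError in the guard itself instead of returning false. Whether such a value can reach this method depends on callers outside the hunk, and the failure would be an unhandled exception rather than an accepted token. Since the commit also drops `NoMethodError` from the rescue, testing the type first covers every input: `return false unless encoded_masked_token.is_a?(String) && !encoded_masked_token.empty?`. The method body continues past the end of the hunk.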