Accessing nonexistant cookies through the signed jar should not raise an

exception
2022-11-09 12:12:34 -05:00 · 2010-01-17 21:30:38 -06:00 · 2010-01-17 21:30:38 -06:00 · eeba755a11
commit eeba755a11
parent 6ce538d485
2 changed files with 8 additions and 1 deletions
--- a/actionpack/lib/action_dispatch/middleware/cookies.rb
+++ b/actionpack/lib/action_dispatch/middleware/cookies.rb
@ -176,7 +176,9 @@ module ActionDispatch
      end

      def [](name)
-        @verifier.verify(@parent_jar[name])
+        if value = @parent_jar[name]
+          @verifier.verify(value)
+        end
      end

      def []=(key, options)
--- a/actionpack/test/controller/cookie_test.rb
+++ b/actionpack/test/controller/cookie_test.rb
@ -141,6 +141,11 @@ class CookieTest < ActionController::TestCase
    assert_equal 45, @controller.send(:cookies).signed[:user_id]
  end

+  def test_accessing_nonexistant_signed_cookie_should_not_raise_an_invalid_signature
+    get :set_signed_cookie
+    assert_nil @controller.send(:cookies).signed[:non_existant_attribute]
+  end
+
  def test_permanent_signed_cookie
    get :set_permanent_signed_cookie
    assert_match %r(#{20.years.from_now.utc.year}), @response.headers["Set-Cookie"]