authorSantiago Pastorino <santiago@wyeworks.com>2013-04-22 20:20:51 -0300
committerSantiago Pastorino <santiago@wyeworks.com>2013-04-22 20:58:24 -0300
commit65d417eadf59d195341f2af139aa0211e0c25280 (patch)
tree775751a6d3dbfef48588cc8066349770cf952ebf
parent156a566f2cc4bb1a9e33b62effd501c0b362ef10 (diff)
downloadrack-1.2.tar.gz
prevent crash when cookie doesn't contain "--"rack-1.2
This backports 881ce764f3fd70a20c5800892a132f1e6c8e7c50 so that rack won't crash when there isn't a "--" in the rack_session cookie. Fixes #523. Conflicts: lib/rack/session/cookie.rb, test/spec_session_cookie.rb
-rw-r--r--lib/rack/session/cookie.rb2
-rw-r--r--test/spec_session_cookie.rb4
2 files changed, 5 insertions, 1 deletions
diff --git a/lib/rack/session/cookie.rb b/lib/rack/session/cookie.rb
index 63c426f0..c5e71711 100644
--- a/lib/rack/session/cookie.rb
+++ b/lib/rack/session/cookie.rb
@@ -55,7 +55,7 @@ module Rack
if @secret && session_data
session_data, digest = session_data.split("--")
- session_data = nil unless Utils.secure_compare(digest, generate_hmac(session_data))
+ session_data = nil unless session_data && digest && Rack::Utils.secure_compare(digest, generate_hmac(session_data))
end
begin
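Review bot: The rewritten guard on the `session_data = nil unless …` line fails closed but carries no comment saying so, and it is the only integrity check before the `begin` block that follows. I would add above it `# No "--" or no digest: the cookie is unsigned or truncated, so drop it instead of comparing against nil`. The enclosing `if @secret && session_data` also means the HMAC check is skipped entirely when no secret is configured, so a client-supplied cookie then reaches the decoding step unverified; that predates this commit and is worth stating in the class documentation. The decoding code after `begin` is outside the hunk, so how it treats such input cannot be judged from here.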
diff --git a/test/spec_session_cookie.rb b/test/spec_session_cookie.rb
index 518dc78c..ce77cab7 100644
--- a/test/spec_session_cookie.rb
+++ b/test/spec_session_cookie.rb
@@ -49,6 +49,10 @@ describe Rack::Session::Cookie do
res = Rack::MockRequest.new(Rack::Session::Cookie.new(incrementor)).
get("/", "HTTP_COOKIE" => "rack.session=blarghfasel")
res.body.should.equal '{"counter"=>1}'
+
+ app = Rack::Session::Cookie.new(incrementor, :secret => 'test')
+ res = Rack::MockRequest.new(app).get("/", "HTTP_COOKIE" => "rack.session=")
+ res.body.should.equal '{"counter"=>1}'
end
bigcookie = lambda do |env|
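Review bot: The added assertion covers only an empty cookie value, where both halves of the split are presumably nil, and not the case named in the commit title: a non-empty value with no `--` while a secret is set. The existing `rack.session=blarghfasel` request above it runs without `:secret`, so it never enters the HMAC branch. I would add `res = Rack::MockRequest.new(app).get("/", "HTTP_COOKIE" => "rack.session=blarghfasel")` followed by `res.body.should.equal '{"counter"=>1}'`, and ideally a third case with a `--` and a wrong digest to pin that a tampered cookie yields a fresh session. The enclosing `it` block starts outside the hunk.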