radiantcms-couchrest_model 0.2.1 → 0.2.2

data/radiantcms-couchrest_model.gemspec

@@ -2,7 +2,7 @@
 
 Gem::Specification.new do |s|
   s.name = %q{radiantcms-couchrest_model}
-  s.version = "0.2.1"
+  s.version = "0.2.2"
 
   s.required_rubygems_version = Gem::Requirement.new("> 1.3.1") if s.respond_to? :required_rubygems_version=
   s.authors = ["davide-malagoli"]

data/vendor/rails/activesupport/lib/active_support/message_verifier.rb

@@ -40,15 +40,22 @@ module ActiveSupport
     private
       # constant-time comparison algorithm to prevent timing attacks
       def secure_compare(a, b)
-        if a.length == b.length
-          result = 0
-          for i in 0..(a.length - 1)
-            result |= a[i] ^ b[i]
-          end
-          result == 0
-        else
-          false
-        end
+        #if a.length == b.length
+        #  result = 0
+        #  for i in 0..(a.length - 1)
+        #    result |= a[i] ^ b[i]
+        #  end
+        #  result == 0
+        #else
+        #  false
+        #end
+        return false unless a.bytesize == b.bytesize
+
+        l = a.unpack "C#{a.bytesize}"
+
+        res = 0
+        b.each_byte { |byte| res |= byte ^ l.shift }
+        res == 0
       end
 
       def generate_digest(data)

metadata

@@ -5,8 +5,8 @@ version: !ruby/object:Gem::Version
   segments: 
   - 0
   - 2
-  - 1
-  version: 0.2.1
+  - 2
+  version: 0.2.2
 platform: ruby
 authors: 
 - davide-malagoli