This project is archived and is in readonly mode.

#3666 ✓resolved
Anthony Underwood

MessageVerifier and Rails 2.3.5 with ruby 1.8.7

Reported by Anthony Underwood | January 7th, 2010 @ 04:50 PM

I have a problem with ruby 1.8.7 and rails 2.3.5 in that whenever a session is initialised I get this error

uninitialized constant ActiveSupport::MessageVerifier::Encoding

This runs out to be a problem in activesupport-2.3.5/lib/active_support/message_verifier.rb

Within the private methods there is this code

if "foo".respond_to?(:force_encoding)

    # constant-time comparison algorithm to prevent timing attacks
    def secure_compare(a, b)
      a = a.dup.force_encoding(Encoding::BINARY)
      b = b.dup.force_encoding(Encoding::BINARY)

The 'Encoding::BINARY' I think is a ruby 1.9 thing, unfortunately "foo".respond_to?(:force_encoding) returns true for ruby 1.8.7.

I notice on the bleeding edge code on github this code has changed.

Thanks Anthony

Comments and changes to this ticket

  • Vijay Dev

    Vijay Dev January 9th, 2010 @ 04:06 PM

    • Tag changed from ruby 1.8.7, ruby1.9 to ruby 1.8.6, ruby 1.8.7, ruby1.9

    The problem exists when using Rails 2.3.5 with Ruby 1.8.6 as well. "foo".respond_to?(:force_encoding) returns false in Ruby 1.8.6 (irb) and returns true in Rails 2.3.5 (script/console)

  • David Trasbo

    David Trasbo July 2nd, 2010 @ 10:46 AM

    • Assigned user set to “Ryan Bigg”

    I was unable to duplicate this issue on 2.3.8:

    ➜  in ~/code/rails_bugs/message_verifier using ruby-1.8.7-p299 script/console 
    Loading development environment (Rails 2.3.8)
    ruby-1.8.7-p299 > "foo".respond_to?(:force_encoding)
     => false

    This ticket can be marked as resolved.

  • Rohit Arondekar

    Rohit Arondekar July 2nd, 2010 @ 01:42 PM

    • State changed from “new” to “resolved”
    • Importance changed from “” to “Low”

Create your profile

Help contribute to this project by taking a few moments to create your personal profile. Create your profile »

<h2 style="font-size: 14px">Tickets have moved to Github</h2>

The new ticket tracker is available at <a href=""></a>