[Nitro] two way crypt function
Bill Kelly
billk at cts.com
Tue Nov 13 02:14:34 EST 2007
From: George Moschovitis
>
> data = Base64.encode64(Marshal.dump(session)).chop
> data = CGI.escape("#{data}--#{generate_digest(data)}")
>
> as you can see the diggest is generated *before* escaping, ie it
> is unescapped just like when it read back.
> am I missing something?
I think the encode is fine. But:
def decode(data)
data, digest = CGI.unescape(data).split("--")
raise AlteredCookie.new unless digest == generate_digest(data)
return Marshal.load(Base64.decode64(data))
end
For whatever reason, 'data' passed to decode is already
unescaped. So calling unescape again seems to convert
'+' into ' ' (space).
E.g.
>> x = CGI.escape("hey+there")
=> "hey%2Bthere"
>> CGI.unescape(x)
=> "hey+there"
>> CGI.unescape(CGI.unescape(x))
=> "hey there"
Regards,
Bill
More information about the Nitro-general
mailing list