[Nitro] two way crypt function

Bill Kelly billk at cts.com
Tue Nov 13 02:14:34 EST 2007


From: George Moschovitis
>
>     data = Base64.encode64(Marshal.dump(session)).chop
>     data = CGI.escape("#{data}--#{generate_digest(data)}")
> 
> As you can see, the digest is generated *before* escaping, i.e. it
> is unescaped just like when it is read back.
> Am I missing something?

I think the encode is fine.  But:

  def decode(data)
    data, digest = CGI.unescape(data).split("--")
    raise AlteredCookie.new unless digest == generate_digest(data)
    return Marshal.load(Base64.decode64(data))
  end

For whatever reason, 'data' passed to decode is already
unescaped.  So calling unescape again seems to convert
'+' into ' ' (space).

E.g.

>> x = CGI.escape("hey+there")
=> "hey%2Bthere"
>> CGI.unescape(x)
=> "hey+there"
>> CGI.unescape(CGI.unescape(x))
=> "hey there"


Regards,

Bill
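
The failure described in this message, as an added example that is not part of the original post or of Nitro's code: a value that was already unescaped upstream is unescaped again, the '+' in the Base64 payload becomes a space, and the digest check rejects an untampered cookie. The HMAC-SHA256 body of generate_digest, the secret, and the names decode_double, decode_once and outcome are assumptions made for illustration.

```ruby
require 'cgi'
require 'base64'
require 'openssl'

SECRET = 'constructed-demo-secret' # constructed value, an assumption
class AlteredCookie < StandardError; end

# Assumed stand-in: the thread never shows generate_digest's body.
def generate_digest(data)
  OpenSSL::HMAC.hexdigest('SHA256', SECRET, data)
end

def encode(session)
  data = Base64.encode64(Marshal.dump(session)).chop
  CGI.escape("#{data}--#{generate_digest(data)}")
end

# decode as posted in the thread: always unescapes its input.
def decode_double(data)
  data, digest = CGI.unescape(data).split("--")
  raise AlteredCookie.new unless digest == generate_digest(data)
  Marshal.load(Base64.decode64(data))
end

# Hypothetical variant for input that was already unescaped upstream.
def decode_once(data)
  data, digest = data.split("--")
  raise AlteredCookie.new unless digest == generate_digest(data)
  Marshal.load(Base64.decode64(data))
end

# Returns the decoded session, or :altered when the digest check rejects it.
def outcome(decoder, value)
  send(decoder, value)
rescue AlteredCookie
  :altered
end

# Constructed session: runs of 0xFB bytes always yield a '+' in Base64.
SESSION = ("\xFB" * 6).b
COOKIE = encode(SESSION)                 # value as sent to the browser
FRAMEWORK_VALUE = CGI.unescape(COOKIE)   # value after one upstream unescape

if __FILE__ == $PROGRAM_NAME
  puts "payload has '+': #{FRAMEWORK_VALUE.include?('+')}"
  puts "decode_double: #{outcome(:decode_double, FRAMEWORK_VALUE).inspect}"
  puts "decode_once:   #{outcome(:decode_once, FRAMEWORK_VALUE).inspect}"
end
```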



