]> git.openstreetmap.org Git - rails.git/blobdiff - script/deliver-message
projects / rails.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Use secure_compare to compare passwords and tokens
[rails.git] / script / deliver-message
diff --git a/script/deliver-message b/script/deliver-message
index 71fa4f2f15b1e500d5ca55ca2be19f5db0658987..087a117c3dceeeba884d600e8107de05aa77d950 100755 (executable)
--- a/script/deliver-message
+++ b/script/deliver-message
@@ -20,8 +20,8 @@ else
   exit 0
 end
 
+exit 0 unless ActiveSupport::SecurityUtils.secure_compare(token, digest[0, 6])
 exit 0 unless from.active?
-exit 0 unless token == digest[0, 6]
 exit 0 if date < 1.month.ago
 
 message&.update(:message_read => true)
The OpenStreetMap web site