@@ -11,6 +11,9 @@ use std::sync::atomic::{AtomicBool, Ordering};
1111// The name of the actual flash cookie.
1212const FLASH_COOKIE_NAME : & str = "_flash" ;
1313
14+ // Character to use as a delimiter after the cookie's name's length.
15+ const FLASH_COOKIE_DELIM : char = ':' ;
16+
1417/// Sets a "flash" cookie that will be removed when it is accessed. The
1518/// analogous request type is [`FlashMessage`].
1619///
@@ -181,7 +184,9 @@ impl<'r, R: Responder<'r>> Flash<R> {
181184 }
182185
183186 fn cookie ( & self ) -> Cookie < ' static > {
184- let content = format ! ( "{}{}{}" , self . name. len( ) , self . name, self . message) ;
187+ let content = format ! ( "{}{}{}{}" ,
188+ self . name. len( ) , FLASH_COOKIE_DELIM , self . name, self . message) ;
189+
185190 Cookie :: build ( FLASH_COOKIE_NAME , content)
186191 . max_age ( Duration :: minutes ( 5 ) )
187192 . path ( "/" )
@@ -250,9 +255,9 @@ impl<'a, 'r> FromRequest<'a, 'r> for Flash<&'a Request<'r>> {
250255
251256 // Parse the flash message.
252257 let content = cookie. value ( ) ;
253- let ( len_str, kv) = match content. find ( | c : char | !c . is_digit ( 10 ) ) {
254- Some ( i) => ( & content[ ..i] , & content[ i ..] ) ,
255- None => ( content , "" ) ,
258+ let ( len_str, kv) = match content. find ( FLASH_COOKIE_DELIM ) {
259+ Some ( i) => ( & content[ ..i] , & content[ ( i + 1 ) ..] ) ,
260+ None => return Err ( ( ) ) ,
256261 } ;
257262
258263 match len_str. parse :: < usize > ( ) {
0 commit comments