Raise exception when calling to_h in a unfiltered Parameters

Before we returned either an empty hash or only the always permitted
parameters (:controller and :action by default).

The previous behavior was dangerous because in order to get the
attributes users usually fallback to use to_unsafe_h that could
potentially introduce security issues.

The to_unsafe_h API is also not good since Parameters is a object that
quacks like a Hash but not in all cases since to_h would return an empty
hash and users were forced to check if to_unsafe_h is defined or if the
instance is a ActionController::Parameters in order to work with it.
This end up coupling a lot of libraries and parts of the application
with something that is from the controller layer.

0 files changed, 0 insertions, 0 deletions