diff options
| author | Alireza Bashiri <azbshiri@gmail.com> | 2018-07-20 15:18:49 +0430 |
|---|---|---|
| committer | Alireza Bashiri <azbshiri@gmail.com> | 2018-07-20 15:18:49 +0430 |
| commit | 9b51ee9f925e9c1f64d0bae2039ff70cea0d0959 (patch) | |
| tree | 814d463548ba6732087877d99f30a1fd19cd8c96 | |
| parent | 01429a665c1eadd20a64ca25d36190a9d9b555b1 (diff) | |
| download | rails-9b51ee9f925e9c1f64d0bae2039ff70cea0d0959.tar.gz rails-9b51ee9f925e9c1f64d0bae2039ff70cea0d0959.tar.bz2 rails-9b51ee9f925e9c1f64d0bae2039ff70cea0d0959.zip | |
Prevent `RequestEncoder#encode_params` to parse falsey params
When a `get` method called with `as: :json` and `params: nil` or
`params: false` (explicitly or implicitly)
`RequestEncoder#encode_params` converts it into a `null` or `false`
value which includes a unexpected `null=` or `false` query string into
request URL. From now on `RequestEncoder#encode_params` checks whether
`params` is nil or not otherwise returns.
Move down `nil` conversion guard
Update CHANGELOG.md
| -rw-r--r-- | actionpack/CHANGELOG.md | 7 | ||||
| -rw-r--r-- | actionpack/lib/action_dispatch/testing/request_encoder.rb | 2 | ||||
| -rw-r--r-- | actionpack/test/controller/integration_test.rb | 14 |
3 files changed, 22 insertions, 1 deletions
diff --git a/actionpack/CHANGELOG.md b/actionpack/CHANGELOG.md index 7645b2b0e7..af8ecb7e2a 100644 --- a/actionpack/CHANGELOG.md +++ b/actionpack/CHANGELOG.md @@ -50,5 +50,12 @@ *Jeremy Daer* +* Prevent `RequestEncoder#encode_params` to parse falsey params + + Now `RequestEncoder#encode_params` doesn't convert + falsey params into query string. + + *Alireza Bashiri* + Please check [5-2-stable](https://github.com/rails/rails/blob/5-2-stable/actionpack/CHANGELOG.md) for previous changes. diff --git a/actionpack/lib/action_dispatch/testing/request_encoder.rb b/actionpack/lib/action_dispatch/testing/request_encoder.rb index 01246b7a2e..9889f61951 100644 --- a/actionpack/lib/action_dispatch/testing/request_encoder.rb +++ b/actionpack/lib/action_dispatch/testing/request_encoder.rb @@ -34,7 +34,7 @@ module ActionDispatch end def encode_params(params) - @param_encoder.call(params) + @param_encoder.call(params) if params end def self.parser(content_type) diff --git a/actionpack/test/controller/integration_test.rb b/actionpack/test/controller/integration_test.rb index 41812a82e1..39ede1442a 100644 --- a/actionpack/test/controller/integration_test.rb +++ b/actionpack/test/controller/integration_test.rb @@ -1079,6 +1079,20 @@ class IntegrationRequestEncodersTest < ActionDispatch::IntegrationTest end end + def test_get_request_with_json_excludes_null_query_string + with_routing do |routes| + routes.draw do + ActiveSupport::Deprecation.silence do + get ":action" => FooController + end + end + + get "/foos_json", as: :json + + assert_equal "http://www.example.com/foos_json", request.url + end + end + private def post_to_foos(as:) with_routing do |routes| |