author | Xavier Noria <fxn@hashref.com> | 2013-12-23 22:55:03 +0100 |
---|---|---|
committer | Xavier Noria <fxn@hashref.com> | 2013-12-23 22:55:03 +0100 |
commit | fa0380cb4a7f08909e961a8e355c70ba3a676253 (patch) | |
tree | de4a1fad40391fbb8a74d845c4021b4a0724a99f | |
parent | 33cb2f334db7d8c173a7f801a678fe5696169ed7 (diff) | |
AC::Parameters#permit! permits hashes in array values
-rw-r--r-- | actionpack/CHANGELOG.md | 4 | ||||
-rw-r--r-- | actionpack/lib/action_controller/metal/strong_parameters.rb | 6 | ||||
-rw-r--r-- | actionpack/test/controller/parameters/parameters_permit_test.rb | 14 |
3 files changed, 19 insertions, 5 deletions
diff --git a/actionpack/CHANGELOG.md b/actionpack/CHANGELOG.md
index 30b643c791..3e3df19a84 100644
--- a/actionpack/CHANGELOG.md
+++ b/actionpack/CHANGELOG.md
@@ -1,3 +1,7 @@
+* `ActionController::Parameters#permit!` permits hashes in array values.
+
+ *Xavier Noria*
+
 * Converts hashes in arrays of unfiltered params to unpermitted params.
 Fixes #13382
diff --git a/actionpack/lib/action_controller/metal/strong_parameters.rb b/actionpack/lib/action_controller/metal/strong_parameters.rb
index 41be1b121e..48a916f2b1 100644
--- a/actionpack/lib/action_controller/metal/strong_parameters.rb
+++ b/actionpack/lib/action_controller/metal/strong_parameters.rb
@@ -157,8 +157,10 @@ module ActionController
 # Person.new(params) # => #<Person id: nil, name: "Francesco">
 def permit!
 each_pair do |key, value|
- convert_hashes_to_parameters(key, value)
- self[key].permit! if self[key].respond_to? :permit!
+ value = convert_hashes_to_parameters(key, value)
+ Array.wrap(value).each do |_|
+ _.permit! if _.respond_to? :permit!
+ end
 end
 @permitted = true
diff --git a/actionpack/test/controller/parameters/parameters_permit_test.rb b/actionpack/test/controller/parameters/parameters_permit_test.rb
index 9c1828e9aa..33a91d72d9 100644
--- a/actionpack/test/controller/parameters/parameters_permit_test.rb
+++ b/actionpack/test/controller/parameters/parameters_permit_test.rb
@@ -8,9 +8,16 @@ class ParametersPermitTest < ActiveSupport::TestCase
 end
 setup do
- @params = ActionController::Parameters.new({ person: {
- age: "32", name: { first: "David", last: "Heinemeier Hansson" }
- }})
+ @params = ActionController::Parameters.new(
+ person: {
+ age: '32',
+ name: {
+ first: 'David',
+ last: 'Heinemeier Hansson'
+ },
+ addresses: [{city: 'Chicago', state: 'Illinois'}]
+ }
+ )
 @struct_fields = []
 %w(0 1 12).each do |number|
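Review bot: In `permit!`, `Array.wrap(value).each` walks only one level of array, so a hash sitting inside an array of arrays would not be marked permitted even though the receiver sets `@permitted = true`; whether such values reach this point depends on `convert_hashes_to_parameters`, whose body is outside the hunk. That direction fails closed, but a test with `addresses: [[{city: 'Chicago'}]]` would pin the intended behaviour. The block argument `_` conventionally marks an unused value and is used here; `Array.wrap(value).each { |v| v.permit! if v.respond_to?(:permit!) }` reads more clearly. Because `permit!` now also opens every hash in array values to mass assignment, the doc comment above `def permit!` (it starts outside the hunk, as the method's end does) should state that.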
@@ -233,6 +240,7 @@ class ParametersPermitTest < ActiveSupport::TestCase
 assert @params.permitted?
 assert @params[:person].permitted?
 assert @params[:person][:name].permitted?
+ assert @params[:person][:addresses][0].permitted?
 end
 test "permitted takes a default value when Parameters.permit_all_parameters is set" do |