diff options
author | Rafael Mendonça França <rafaelmfranca@gmail.com> | 2017-04-11 22:21:14 -0400 |
---|---|---|
committer | Rafael Mendonça França <rafaelmfranca@gmail.com> | 2017-04-18 17:33:25 -0400 |
commit | 29333ddb69e69d0fa99a66bf5fab333e8c5611aa (patch) | |
tree | 02123cb8db76390151f057b4fa85fa73a832b059 /actionpack/lib/action_controller/metal/strong_parameters.rb | |
parent | af878151dbf93fae647ec682d96c0caaeb9a81f1 (diff) | |
download | rails-29333ddb69e69d0fa99a66bf5fab333e8c5611aa.tar.gz rails-29333ddb69e69d0fa99a66bf5fab333e8c5611aa.tar.bz2 rails-29333ddb69e69d0fa99a66bf5fab333e8c5611aa.zip |
Implement ActionController::Parameters#to_query and #to_param
Previously it was raising an error because it may be unsafe to use those
methods in a unpermitted parameter. Now we delegate to to_h that already
raise an error when the Parameters instance is not permitted.
This also fix a bug when using `#to_query` in a hash that contains a
`ActionController::Parameters` instance and was returning the name of the
class in the string.
Diffstat (limited to 'actionpack/lib/action_controller/metal/strong_parameters.rb')
-rw-r--r-- | actionpack/lib/action_controller/metal/strong_parameters.rb | 30 |
1 files changed, 28 insertions, 2 deletions
diff --git a/actionpack/lib/action_controller/metal/strong_parameters.rb b/actionpack/lib/action_controller/metal/strong_parameters.rb index 62c654da03..ac8e7eec84 100644 --- a/actionpack/lib/action_controller/metal/strong_parameters.rb +++ b/actionpack/lib/action_controller/metal/strong_parameters.rb @@ -275,6 +275,34 @@ module ActionController to_h.to_hash end + # Returns a string representation of the receiver suitable for use as a URL + # query string: + # + # params = ActionController::Parameters.new({ + # name: 'David', + # nationality: 'Danish' + # }) + # params.to_query + # # => "name=David&nationality=Danish" + # + # An optional namespace can be passed to enclose key names: + # + # params = ActionController::Parameters.new({ + # name: 'David', + # nationality: 'Danish' + # }) + # params.to_query('user') + # # => "user%5Bname%5D=David&user%5Bnationality%5D=Danish" + # + # The string pairs "key=value" that conform the query string + # are sorted lexicographically in ascending order. + # + # This method is also aliased as +to_param+. + def to_query(*args) + to_h.to_query(*args) + end + alias_method :to_param, :to_query + # Returns an unsafe, unfiltered # <tt>ActiveSupport::HashWithIndifferentAccess</tt> representation of this # parameter. @@ -744,8 +772,6 @@ module ActionController end end - undef_method :to_param - # Returns duplicate of object including all parameters. def deep_dup self.class.new(@parameters.deep_dup).tap do |duplicate| |