aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/lib/action_controller/metal/strong_parameters.rb
diff options
context:
space:
mode:
authorKasper Timm Hansen <kaspth@gmail.com>2015-12-17 21:21:12 +0100
committerKasper Timm Hansen <kaspth@gmail.com>2015-12-17 21:55:03 +0100
commit4b46c5ce83eaff77781d579bdfb6548de7f5a80a (patch)
tree971ee4b02c3a6c47f77718b4c0e66be16bf25760 /actionpack/lib/action_controller/metal/strong_parameters.rb
parent623c3706b9b2d2ea87f8eb5eafde7b98b8f12728 (diff)
downloadrails-4b46c5ce83eaff77781d579bdfb6548de7f5a80a.tar.gz
rails-4b46c5ce83eaff77781d579bdfb6548de7f5a80a.tar.bz2
rails-4b46c5ce83eaff77781d579bdfb6548de7f5a80a.zip
Only dup Ruby's Hash and Array.
When calling `to_h` on an `ActionController::Parameters` instance it would `deep_dup` its internal parameters. This inadvertently called `dup` on a passed Active Record model which would create new models. Fix by only dupping Ruby's Arrays and Hashes.
Diffstat (limited to 'actionpack/lib/action_controller/metal/strong_parameters.rb')
-rw-r--r--actionpack/lib/action_controller/metal/strong_parameters.rb20
1 files changed, 18 insertions, 2 deletions
diff --git a/actionpack/lib/action_controller/metal/strong_parameters.rb b/actionpack/lib/action_controller/metal/strong_parameters.rb
index 8bc3c271e2..957aa746c0 100644
--- a/actionpack/lib/action_controller/metal/strong_parameters.rb
+++ b/actionpack/lib/action_controller/metal/strong_parameters.rb
@@ -1,4 +1,5 @@
require 'active_support/core_ext/hash/indifferent_access'
+require 'active_support/core_ext/hash/transform_values'
require 'active_support/core_ext/array/wrap'
require 'active_support/core_ext/string/filters'
require 'active_support/rescuable'
@@ -175,7 +176,7 @@ module ActionController
# safe_params.to_h # => {"name"=>"Senjougahara Hitagi"}
def to_h
if permitted?
- @parameters.deep_dup
+ convert_parameters_to_hashes(@parameters)
else
slice(*self.class.always_permitted_parameters).permit!.to_h
end
@@ -185,7 +186,7 @@ module ActionController
# <tt>ActiveSupport::HashWithIndifferentAccess</tt> representation of this
# parameter.
def to_unsafe_h
- @parameters.deep_dup
+ convert_parameters_to_hashes(@parameters)
end
alias_method :to_unsafe_hash, :to_unsafe_h
@@ -594,6 +595,21 @@ module ActionController
end
end
+ def convert_parameters_to_hashes(value)
+ case value
+ when Array
+ value.map { |v| convert_parameters_to_hashes(v) }
+ when Hash
+ value.transform_values do |v|
+ convert_parameters_to_hashes(v)
+ end.with_indifferent_access
+ when Parameters
+ value.to_h
+ else
+ value
+ end
+ end
+
def convert_hashes_to_parameters(key, value)
converted = convert_value_to_parameters(value)
@parameters[key] = converted unless converted.equal?(value)
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-26 16:00:11 +0000