diff options
| author | Rafael Mendonça França <rafaelmfranca@gmail.com> | 2017-04-11 21:45:39 -0400 |
|---|---|---|
| committer | Rafael Mendonça França <rafaelmfranca@gmail.com> | 2017-04-18 17:33:23 -0400 |
| commit | fd88ccc905549c61e0e4525fcb68b91d20b9afe9 (patch) | |
| tree | bdb5f528a4e317cab9d810161dae2498a38928fe /actionpack/lib/action_controller/metal/strong_parameters.rb | |
| parent | 1396b05e5a36859a9730e7a4a56abba02c41c0d6 (diff) | |
| download | rails-fd88ccc905549c61e0e4525fcb68b91d20b9afe9.tar.gz rails-fd88ccc905549c61e0e4525fcb68b91d20b9afe9.tar.bz2 rails-fd88ccc905549c61e0e4525fcb68b91d20b9afe9.zip | |
Raise exception when calling to_h in a unfiltered Parameters
Before we returned either an empty hash or only the always permitted
parameters (:controller and :action by default).
The previous behavior was dangerous because in order to get the
attributes users usually fallback to use to_unsafe_h that could
potentially introduce security issues.
The to_unsafe_h API is also not good since Parameters is a object that
quacks like a Hash but not in all cases since to_h would return an empty
hash and users were forced to check if to_unsafe_h is defined or if the
instance is a ActionController::Parameters in order to work with it.
This end up coupling a lot of libraries and parts of the application
with something that is from the controller layer.
Diffstat (limited to 'actionpack/lib/action_controller/metal/strong_parameters.rb')
| -rw-r--r-- | actionpack/lib/action_controller/metal/strong_parameters.rb | 17 |
1 files changed, 15 insertions, 2 deletions
diff --git a/actionpack/lib/action_controller/metal/strong_parameters.rb b/actionpack/lib/action_controller/metal/strong_parameters.rb index baf15570d5..b20ad940ea 100644 --- a/actionpack/lib/action_controller/metal/strong_parameters.rb +++ b/actionpack/lib/action_controller/metal/strong_parameters.rb @@ -43,6 +43,18 @@ module ActionController end end + # Raised when a Parameters instance is not marked as permitted and + # an operation to transform it to hash is called. + # + # params = ActionController::Parameters.new(a: "123", b: "456") + # params.to_h + # # => ActionController::UnfilteredParameters: unable to convert unpermitted parameters to hash + class UnfilteredParameters < StandardError + def initialize # :nodoc: + super("unable to convert unpermitted parameters to hash") + end + end + # == Action Controller \Parameters # # Allows you to choose which attributes should be whitelisted for mass updating @@ -234,7 +246,8 @@ module ActionController # name: 'Senjougahara Hitagi', # oddity: 'Heavy stone crab' # }) - # params.to_h # => {} + # params.to_h + # # => ActionController::UnfilteredParameters: unable to convert unfiltered parameters to hash # # safe_params = params.permit(:name) # safe_params.to_h # => {"name"=>"Senjougahara Hitagi"} @@ -242,7 +255,7 @@ module ActionController if permitted? convert_parameters_to_hashes(@parameters, :to_h) else - slice(*self.class.always_permitted_parameters).permit!.to_h + raise UnfilteredParameters end end |