aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/lib/action_controller/metal
diff options
context:
space:
mode:
authorGuillermo Iguaran <guilleiguaran@gmail.com>2013-10-26 20:08:05 -0700
committerGuillermo Iguaran <guilleiguaran@gmail.com>2013-10-26 20:08:05 -0700
commit094e31ce6700993759c6f36db52afb0a43bfa71f (patch)
tree13c78f5977c6a8cd39c930638f138f11afde6dee /actionpack/lib/action_controller/metal
parent52199d1fd41ffc439357c16a7873fb04444175cd (diff)
parent7171111d3af10c80e3b38658d4fa0aa36858677f (diff)
downloadrails-094e31ce6700993759c6f36db52afb0a43bfa71f.tar.gz
rails-094e31ce6700993759c6f36db52afb0a43bfa71f.tar.bz2
rails-094e31ce6700993759c6f36db52afb0a43bfa71f.zip
Merge pull request #12656 from dougcole/fix_strong_parameters_fetch
don't let StrongParameters mutate the hash with fetch
Diffstat (limited to 'actionpack/lib/action_controller/metal')
-rw-r--r--actionpack/lib/action_controller/metal/strong_parameters.rb9
1 files changed, 8 insertions, 1 deletions
diff --git a/actionpack/lib/action_controller/metal/strong_parameters.rb b/actionpack/lib/action_controller/metal/strong_parameters.rb
index 66403d533c..fcc76f6225 100644
--- a/actionpack/lib/action_controller/metal/strong_parameters.rb
+++ b/actionpack/lib/action_controller/metal/strong_parameters.rb
@@ -284,7 +284,14 @@ module ActionController
# params.fetch(:none, 'Francesco') # => "Francesco"
# params.fetch(:none) { 'Francesco' } # => "Francesco"
def fetch(key, *args)
- convert_hashes_to_parameters(key, super)
+ value = super
+ # Don't rely on +convert_hashes_to_parameters+
+ # so as to not mutate via a +fetch+
+ if value.is_a?(Hash)
+ value = self.class.new(value)
+ value.permit! if permitted?
+ end
+ value
rescue KeyError
raise ActionController::ParameterMissing.new(key)
end
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-06 06:31:41 +0000