diff options
| author | Guillaume Malette <gmalette@gmail.com> | 2014-01-31 03:50:09 +0000 |
|---|---|---|
| committer | Guillaume Malette <guillaume@shopify.com> | 2015-06-22 10:04:11 -0400 |
| commit | 33b93174f0db9783b3c6c906666923103569c6a3 (patch) | |
| tree | 2cdbdefab1159e4c8d1f17ceb4bb58b27ddb02f1 /actionpack/lib/action_dispatch/http/parameter_filter.rb | |
| parent | ebc4c607a7859c9c35246d7fe74a17208ef3a66e (diff) | |
| download | rails-33b93174f0db9783b3c6c906666923103569c6a3.tar.gz rails-33b93174f0db9783b3c6c906666923103569c6a3.tar.bz2 rails-33b93174f0db9783b3c6c906666923103569c6a3.zip | |
Allow filtering params based on parent keys
Add the possibility to only filter parameters based on
their full path instead of relying on the immediate key.
config.filter_parameters += ['credit_card.code']
{ 'credit_card' => { 'code' => '[FILTERED]' },
'source' => { 'code' => '<%= puts 5 %>' } }
Diffstat (limited to 'actionpack/lib/action_dispatch/http/parameter_filter.rb')
| -rw-r--r-- | actionpack/lib/action_dispatch/http/parameter_filter.rb | 24 |
1 files changed, 17 insertions, 7 deletions
diff --git a/actionpack/lib/action_dispatch/http/parameter_filter.rb b/actionpack/lib/action_dispatch/http/parameter_filter.rb index df4b073a17..6e058b829e 100644 --- a/actionpack/lib/action_dispatch/http/parameter_filter.rb +++ b/actionpack/lib/action_dispatch/http/parameter_filter.rb @@ -30,36 +30,46 @@ module ActionDispatch when Regexp regexps << item else - strings << item.to_s + strings << Regexp.escape(item.to_s) end end + deep_regexps, regexps = regexps.partition { |r| r.to_s.include?("\\.") } + deep_strings, strings = strings.partition { |s| s.include?("\\.") } + regexps << Regexp.new(strings.join('|'), true) unless strings.empty? - new regexps, blocks + deep_regexps << Regexp.new(deep_strings.join('|'), true) unless deep_strings.empty? + + new regexps, deep_regexps, blocks end - attr_reader :regexps, :blocks + attr_reader :regexps, :deep_regexps, :blocks - def initialize(regexps, blocks) + def initialize(regexps, deep_regexps, blocks) @regexps = regexps + @deep_regexps = deep_regexps.any? ? deep_regexps : nil @blocks = blocks end - def call(original_params) + def call(original_params, parents = []) filtered_params = {} original_params.each do |key, value| + parents.push(key) if deep_regexps if regexps.any? { |r| key =~ r } value = FILTERED + elsif deep_regexps && (joined = parents.join('.')) && deep_regexps.any? { |r| joined =~ r } + value = FILTERED elsif value.is_a?(Hash) - value = call(value) + value = call(value, parents) elsif value.is_a?(Array) - value = value.map { |v| v.is_a?(Hash) ? call(v) : v } + value = value.map { |v| v.is_a?(Hash) ? call(v, parents) : v } elsif blocks.any? key = key.dup if key.duplicable? value = value.dup if value.duplicable? blocks.each { |b| b.call(key, value) } end + parents.pop if deep_regexps filtered_params[key] = value end |