diff options
| author | Aaron Patterson <aaron.patterson@gmail.com> | 2012-06-12 14:25:27 -0700 |
|---|---|---|
| committer | Aaron Patterson <aaron.patterson@gmail.com> | 2012-06-12 14:25:27 -0700 |
| commit | 10cdbbc56bf31da3a2e030dfe9d399507348f54e (patch) | |
| tree | c1e1b4371a1dd2a10460fcc503980ffb86d46f14 /actionpack/lib/action_dispatch/http | |
| parent | 5dd2cfc8b4a89ec6321ebbb0e81cd50d58785b6f (diff) | |
| parent | 8381d398cedf3e95fb073b8110d80f636cff449c (diff) | |
| download | rails-10cdbbc56bf31da3a2e030dfe9d399507348f54e.tar.gz rails-10cdbbc56bf31da3a2e030dfe9d399507348f54e.tar.bz2 rails-10cdbbc56bf31da3a2e030dfe9d399507348f54e.zip | |
Merge branch '3-2-stable-rel' into 3-2-stable
* 3-2-stable-rel:
updating changelogs
bumping version numbers
updating changelogs with security fixes
updating changelogs
Array parameters should not contain nil values.
Additional fix for CVE-2012-2661
Diffstat (limited to 'actionpack/lib/action_dispatch/http')
| -rw-r--r-- | actionpack/lib/action_dispatch/http/request.rb | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/actionpack/lib/action_dispatch/http/request.rb b/actionpack/lib/action_dispatch/http/request.rb index adbb5d1346..afc0496ef9 100644 --- a/actionpack/lib/action_dispatch/http/request.rb +++ b/actionpack/lib/action_dispatch/http/request.rb @@ -251,17 +251,19 @@ module ActionDispatch # Remove nils from the params hash def deep_munge(hash) + keys = hash.keys.find_all { |k| hash[k] == [nil] } + keys.each { |k| hash[k] = nil } + hash.each_value do |v| case v when Array v.grep(Hash) { |x| deep_munge(x) } + v.compact! when Hash deep_munge(v) end end - keys = hash.keys.find_all { |k| hash[k] == [nil] } - keys.each { |k| hash[k] = nil } hash end |