These lines don't help to mitigate CVE. They only turn [nil] into nil, w/o them [nil] turns into [] and that is quite innocent.

generated SQL - `IN (NULL)` compact! did all the job.
author: Egor Homakov <homakov@gmail.com> 2012-06-13 17:49:29 +0400
committer: Egor Homakov <homakov@gmail.com> 2012-06-13 17:49:29 +0400
commit: e995734e7fcf84f6eade61d180275a9d929cc0a7 (patch)
tree: b05c25fc68a99bec6bc56a7be371b84b139c0f3c /actionpack/lib/action_dispatch/http
parent: 56a1bb2f1066d0c119834019916f1e4b05fffec0 (diff)
download: rails-e995734e7fcf84f6eade61d180275a9d929cc0a7.tar.gz
rails-e995734e7fcf84f6eade61d180275a9d929cc0a7.tar.bz2
rails-e995734e7fcf84f6eade61d180275a9d929cc0a7.zip
1 files changed, 0 insertions, 3 deletions
diff --git a/actionpack/lib/action_dispatch/http/request.rb b/actionpack/lib/action_dispatch/http/request.rb
index 65ff6fb7d8..8cea17c7a6 100644
--- a/actionpack/lib/action_dispatch/http/request.rb
+++ b/actionpack/lib/action_dispatch/http/request.rb
@@ -267,9 +267,6 @@ module ActionDispatch
 
     # Remove nils from the params hash
     def deep_munge(hash)
-      keys = hash.keys.find_all { |k| hash[k] == [nil] }
-      keys.each { |k| hash[k] = nil }
-
       hash.each_value do |v|
         case v
         when Array
author	Egor Homakov <homakov@gmail.com>	2012-06-13 17:49:29 +0400
committer	Egor Homakov <homakov@gmail.com>	2012-06-13 17:49:29 +0400
commit	e995734e7fcf84f6eade61d180275a9d929cc0a7 (patch)
tree	b05c25fc68a99bec6bc56a7be371b84b139c0f3c /actionpack/lib/action_dispatch/http
parent	56a1bb2f1066d0c119834019916f1e4b05fffec0 (diff)
download	rails-e995734e7fcf84f6eade61d180275a9d929cc0a7.tar.gz rails-e995734e7fcf84f6eade61d180275a9d929cc0a7.tar.bz2 rails-e995734e7fcf84f6eade61d180275a9d929cc0a7.zip