authorPrathamesh Sonpatki <csonpatki@gmail.com>2016-01-03 17:20:24 +0530
committerPrathamesh Sonpatki <csonpatki@gmail.com>2016-01-07 12:12:34 +0530
commita31078556a82ded9cb13c71727e146bb716a17ec (patch)
tree7a609e2e139c92d839ecc7249263f4201acc0ee4 /actionpack/lib/action_dispatch/routing/route_set.rb
parent3cae35bd6c46c7fb4b2daf09d1a8713feb74a0e3 (diff)
Allow AC::Parameters as an argument to url_helpers
- Earlier only Hash was allowed as the params argument to url_helpers.
- Now ActionController::Parameters instances will also be allowed.
- If the params are not secured then it will raise an ArgumentError to indicate that constructing URLs with non-secure params is not recommended.
- Fixes #22832.
Diffstat (limited to 'actionpack/lib/action_dispatch/routing/route_set.rb')
-rw-r--r--actionpack/lib/action_dispatch/routing/route_set.rb13
1 files changed, 11 insertions, 2 deletions
diff --git a/actionpack/lib/action_dispatch/routing/route_set.rb b/actionpack/lib/action_dispatch/routing/route_set.rb
index 2bd2e53252..846b5fa1fc 100644
--- a/actionpack/lib/action_dispatch/routing/route_set.rb
+++ b/actionpack/lib/action_dispatch/routing/route_set.rb
@@ -281,8 +281,17 @@ module ActionDispatch
helper = UrlHelper.create(route, opts, route_key, url_strategy)
mod.module_eval do
define_method(name) do |*args|
- options = nil
- options = args.pop if args.last.is_a? Hash
+ last = args.last
+ options = case last
+ when Hash
+ args.pop
+ when ActionController::Parameters
+ if last.permitted?
+ args.pop.to_h
+ else
+ raise ArgumentError, "Generating an URL from non sanitized request parameters is insecure!"
+ end
+ end
helper.call self, args, options
end
end
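Review bot: The `last.permitted?` guard in the `when ActionController::Parameters` branch only shows that the object passed strong-parameters filtering; it does not restrict which keys reach `helper.call`, so a `permit!`-ed object can still carry routing options such as `:host`, `:protocol` or `:only_path` taken from the request. The check also applies only when the last positional argument is itself a Parameters instance, so a plain Hash (including one that wraps an unpermitted Parameters value) takes the `when Hash` branch unchecked. I would state that limit above the `case`, e.g. `# permitted? is a strong-parameters flag, not a URL-safety check; callers must still permit only the keys they intend to expose`. The message could also tell the developer what to do: `raise ArgumentError, "Generating a URL from non-sanitized request parameters is insecure! Permit the keys you need first."`. The enclosing method starts and ends outside this hunk, so how `options` is consumed downstream is not visible here.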