Add more info to insecure URL generation error

I always appreciate having a bit more information as to why something is now an error. We can use this error to tell people why what they were previously doing is insecure and give them hints on how to fix it. Signed-off-by: Kasper Timm Hansen <kaspth@gmail.com>
author: Derek Prior <derekprior@gmail.com> 2016-03-25 16:55:59 -0400
committer: Kasper Timm Hansen <kaspth@gmail.com> 2016-04-26 22:14:03 +0200
commit: cacded5a0e0acc0582c2778b9dd8df684451ad53 (patch)
tree: 3128477bccff6657c8b1828063c8bc22ebf7810a /actionpack/lib/action_dispatch/routing
parent: f03c27cad2d3b4a9751cccdc3834f719f1cfbaa2 (diff)
download: rails-cacded5a0e0acc0582c2778b9dd8df684451ad53.tar.gz
rails-cacded5a0e0acc0582c2778b9dd8df684451ad53.tar.bz2
rails-cacded5a0e0acc0582c2778b9dd8df684451ad53.zip
2 files changed, 2 insertions, 2 deletions
diff --git a/actionpack/lib/action_dispatch/routing/route_set.rb b/actionpack/lib/action_dispatch/routing/route_set.rb
index c65dafe9e6..ed7130b58e 100644
--- a/actionpack/lib/action_dispatch/routing/route_set.rb
+++ b/actionpack/lib/action_dispatch/routing/route_set.rb
@@ -289,7 +289,7 @@ module ActionDispatch
                           if last.permitted?
                             args.pop.to_h
                           else
-                            raise ArgumentError, "Generating a URL from non sanitized request parameters is insecure!"
+                            raise ArgumentError, ActionDispatch::Routing::INSECURE_URL_PARAMETERS_MESSAGE
                           end
                         end
               helper.call self, args, options
diff --git a/actionpack/lib/action_dispatch/routing/url_for.rb b/actionpack/lib/action_dispatch/routing/url_for.rb
index 28be189f93..5ee138e6c6 100644
--- a/actionpack/lib/action_dispatch/routing/url_for.rb
+++ b/actionpack/lib/action_dispatch/routing/url_for.rb
@@ -173,7 +173,7 @@ module ActionDispatch
                          route_name)
         when ActionController::Parameters
           unless options.permitted?
-            raise ArgumentError.new("Generating a URL from non sanitized request parameters is insecure!")
+            raise ArgumentError.new(ActionDispatch::Routing::INSECURE_URL_PARAMETERS_MESSAGE)
           end
           route_name = options.delete :use_route
           _routes.url_for(options.to_h.symbolize_keys.
author	Derek Prior <derekprior@gmail.com>	2016-03-25 16:55:59 -0400
committer	Kasper Timm Hansen <kaspth@gmail.com>	2016-04-26 22:14:03 +0200
commit	cacded5a0e0acc0582c2778b9dd8df684451ad53 (patch)
tree	3128477bccff6657c8b1828063c8bc22ebf7810a /actionpack/lib/action_dispatch/routing
parent	f03c27cad2d3b4a9751cccdc3834f719f1cfbaa2 (diff)
download	rails-cacded5a0e0acc0582c2778b9dd8df684451ad53.tar.gz rails-cacded5a0e0acc0582c2778b9dd8df684451ad53.tar.bz2 rails-cacded5a0e0acc0582c2778b9dd8df684451ad53.zip