diff options
author | Aaron Patterson <aaron.patterson@gmail.com> | 2012-05-31 11:25:19 -0700 |
---|---|---|
committer | Aaron Patterson <aaron.patterson@gmail.com> | 2012-05-31 11:25:19 -0700 |
commit | 5f91ea3dc1ed3fa1c6be2cff7de1d1663990b0c3 (patch) | |
tree | ed5851f76e6fb1852c3f37aed743250cbdb7dd62 /actionpack/lib/action_dispatch | |
parent | 51af1e25789728248078db6b17989b252ac2e53c (diff) | |
parent | 060c91cd59ab86583a8f2f52142960d3433f62f5 (diff) | |
download | rails-5f91ea3dc1ed3fa1c6be2cff7de1d1663990b0c3.tar.gz rails-5f91ea3dc1ed3fa1c6be2cff7de1d1663990b0c3.tar.bz2 rails-5f91ea3dc1ed3fa1c6be2cff7de1d1663990b0c3.zip |
Merge branch 'master-sec'
* master-sec:
Strip [nil] from parameters hash. Thanks to Ben Murphy for reporting this!
predicate builder should not recurse for determining where columns. Thanks to Ben Murphy for reporting this
Diffstat (limited to 'actionpack/lib/action_dispatch')
-rw-r--r-- | actionpack/lib/action_dispatch/http/request.rb | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/actionpack/lib/action_dispatch/http/request.rb b/actionpack/lib/action_dispatch/http/request.rb index aa5ba3e8a5..6757a53bd1 100644 --- a/actionpack/lib/action_dispatch/http/request.rb +++ b/actionpack/lib/action_dispatch/http/request.rb @@ -263,6 +263,28 @@ module ActionDispatch LOCALHOST =~ remote_addr && LOCALHOST =~ remote_ip end + protected + + # Remove nils from the params hash + def deep_munge(hash) + hash.each_value do |v| + case v + when Array + v.grep(Hash) { |x| deep_munge(x) } + when Hash + deep_munge(v) + end + end + + keys = hash.keys.find_all { |k| hash[k] == [nil] } + keys.each { |k| hash[k] = nil } + hash + end + + def parse_query(qs) + deep_munge(super) + end + private def check_method(name) |