diff options
author | Guillermo Iguaran <guilleiguaran@gmail.com> | 2012-08-30 16:36:59 -0500 |
---|---|---|
committer | Guillermo Iguaran <guilleiguaran@gmail.com> | 2012-09-16 23:58:21 -0500 |
commit | 1aaf4490b29afc99cf19b18c4edbb1f28e6c37f5 (patch) | |
tree | 5901dbcaf12030a473edb6f463e8e4af9fe6391a /actionpack/lib | |
parent | 1e1bee3ab985e47fae49d9fd5d2ca946f5d9c533 (diff) | |
download | rails-1aaf4490b29afc99cf19b18c4edbb1f28e6c37f5.tar.gz rails-1aaf4490b29afc99cf19b18c4edbb1f28e6c37f5.tar.bz2 rails-1aaf4490b29afc99cf19b18c4edbb1f28e6c37f5.zip |
Add config.action_controller.permit_all_attributes to bypass StrongParameters protection
Diffstat (limited to 'actionpack/lib')
-rw-r--r-- | actionpack/lib/action_controller.rb | 1 | ||||
-rw-r--r-- | actionpack/lib/action_controller/metal/strong_parameters.rb | 3 | ||||
-rw-r--r-- | actionpack/lib/action_controller/railtie.rb | 4 |
3 files changed, 7 insertions, 1 deletions
diff --git a/actionpack/lib/action_controller.rb b/actionpack/lib/action_controller.rb index e76dc954d9..1a13d7af29 100644 --- a/actionpack/lib/action_controller.rb +++ b/actionpack/lib/action_controller.rb @@ -2,6 +2,7 @@ require 'active_support/rails' require 'abstract_controller' require 'action_dispatch' require 'action_controller/metal/live' +require 'action_controller/metal/strong_parameters' module ActionController extend ActiveSupport::Autoload diff --git a/actionpack/lib/action_controller/metal/strong_parameters.rb b/actionpack/lib/action_controller/metal/strong_parameters.rb index b027901f28..8a2f63dfcd 100644 --- a/actionpack/lib/action_controller/metal/strong_parameters.rb +++ b/actionpack/lib/action_controller/metal/strong_parameters.rb @@ -13,12 +13,13 @@ module ActionController end class Parameters < ActiveSupport::HashWithIndifferentAccess + cattr_accessor :permit_all_parameters, instance_accessor: false attr_accessor :permitted alias :permitted? :permitted def initialize(attributes = nil) super(attributes) - @permitted = false + @permitted = self.class.permit_all_parameters end def permit! diff --git a/actionpack/lib/action_controller/railtie.rb b/actionpack/lib/action_controller/railtie.rb index 3ecc105e22..d7e8194bf6 100644 --- a/actionpack/lib/action_controller/railtie.rb +++ b/actionpack/lib/action_controller/railtie.rb @@ -19,6 +19,10 @@ module ActionController ActionController::Helpers.helpers_path = app.helpers_paths end + initializer "action_controller.parameters_config" do |app| + ActionController::Parameters.permit_all_parameters = app.config.action_controller.delete(:permit_all_parameters) + end + initializer "action_controller.set_configs" do |app| paths = app.config.paths options = app.config.action_controller |