diff options
| author | Aaron Patterson <aaron.patterson@gmail.com> | 2016-02-17 16:12:18 -0800 |
|---|---|---|
| committer | Aaron Patterson <aaron.patterson@gmail.com> | 2016-02-17 16:15:51 -0800 |
| commit | 04b410f83350aa8a9b6f181cc7c37f2c2653300f (patch) | |
| tree | 5d5efc45ebf86ac99483e084687dcc6695b9eed2 /actionpack/test | |
| parent | f57092ad728fa1de06c4f5fd9d09dcc2c4738fd9 (diff) | |
| download | rails-04b410f83350aa8a9b6f181cc7c37f2c2653300f.tar.gz rails-04b410f83350aa8a9b6f181cc7c37f2c2653300f.tar.bz2 rails-04b410f83350aa8a9b6f181cc7c37f2c2653300f.zip | |
fields_for_style needs to test for AC::Parameters
While iterating an AC::Parameters object, the object will mutate itself
and stick AC::Parameters objects where there used to be hashes:
https://github.com/rails/rails/blob/f57092ad728fa1de06c4f5fd9d09dcc2c4738fd9/actionpack/lib/action_controller/metal/strong_parameters.rb#L632
If you use `permit` after this iteration, the `fields_for_style` method
wouldn't return true because the child objects are now AC::Parameters
objects rather than Hashes.
fixes #23701
Diffstat (limited to 'actionpack/test')
| -rw-r--r-- | actionpack/test/controller/parameters/parameters_permit_test.rb | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/actionpack/test/controller/parameters/parameters_permit_test.rb b/actionpack/test/controller/parameters/parameters_permit_test.rb index 3299f2d9d0..96048e2868 100644 --- a/actionpack/test/controller/parameters/parameters_permit_test.rb +++ b/actionpack/test/controller/parameters/parameters_permit_test.rb @@ -27,6 +27,27 @@ class ParametersPermitTest < ActiveSupport::TestCase end end + def walk_permitted params + params.each do |k,v| + case v + when ActionController::Parameters + walk_permitted v + when Array + v.each { |x| walk_permitted v } + end + end + end + + test 'iteration should not impact permit' do + hash = {"foo"=>{"bar"=>{"0"=>{"baz"=>"hello", "zot"=>"1"}}}} + params = ActionController::Parameters.new(hash) + + walk_permitted params + + sanitized = params[:foo].permit(bar: [:baz]) + assert_equal({"0"=>{"baz"=>"hello"}}, sanitized[:bar].to_unsafe_h) + end + test 'if nothing is permitted, the hash becomes empty' do params = ActionController::Parameters.new(id: '1234') permitted = params.permit |