diff options
| author | Kasper Timm Hansen <kaspth@gmail.com> | 2015-12-17 21:21:12 +0100 |
|---|---|---|
| committer | Kasper Timm Hansen <kaspth@gmail.com> | 2015-12-17 21:55:03 +0100 |
| commit | 4b46c5ce83eaff77781d579bdfb6548de7f5a80a (patch) | |
| tree | 971ee4b02c3a6c47f77718b4c0e66be16bf25760 /actionpack/test | |
| parent | 623c3706b9b2d2ea87f8eb5eafde7b98b8f12728 (diff) | |
| download | rails-4b46c5ce83eaff77781d579bdfb6548de7f5a80a.tar.gz rails-4b46c5ce83eaff77781d579bdfb6548de7f5a80a.tar.bz2 rails-4b46c5ce83eaff77781d579bdfb6548de7f5a80a.zip | |
Only dup Ruby's Hash and Array.
When calling `to_h` on an `ActionController::Parameters` instance it would
`deep_dup` its internal parameters.
This inadvertently called `dup` on a passed Active Record model which would
create new models. Fix by only dupping Ruby's Arrays and Hashes.
Diffstat (limited to 'actionpack/test')
| -rw-r--r-- | actionpack/test/controller/parameters/parameters_permit_test.rb | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/actionpack/test/controller/parameters/parameters_permit_test.rb b/actionpack/test/controller/parameters/parameters_permit_test.rb index 87816515e7..f23aa599c1 100644 --- a/actionpack/test/controller/parameters/parameters_permit_test.rb +++ b/actionpack/test/controller/parameters/parameters_permit_test.rb @@ -297,4 +297,32 @@ class ParametersPermitTest < ActiveSupport::TestCase assert @params.to_h.is_a? ActiveSupport::HashWithIndifferentAccess assert_not @params.to_h.is_a? ActionController::Parameters end + + test "to_h only deep dups Ruby collections" do + company = Class.new do + attr_reader :dupped + def dup; @dupped = true; end + end.new + + params = ActionController::Parameters.new(prem: { likes: %i( dancing ) }) + assert_equal({ 'prem' => { 'likes' => %i( dancing ) } }, params.permit!.to_h) + + params = ActionController::Parameters.new(companies: [ company, :acme ]) + assert_equal({ 'companies' => [ company, :acme ] }, params.permit!.to_h) + assert_not company.dupped + end + + test "to_unsafe_h only deep dups Ruby collections" do + company = Class.new do + attr_reader :dupped + def dup; @dupped = true; end + end.new + + params = ActionController::Parameters.new(prem: { likes: %i( dancing ) }) + assert_equal({ 'prem' => { 'likes' => %i( dancing ) } }, params.to_unsafe_h) + + params = ActionController::Parameters.new(companies: [ company, :acme ]) + assert_equal({ 'companies' => [ company, :acme ] }, params.to_unsafe_h) + assert_not company.dupped + end end |