do not break params filtering on nil values

closes #12149

2 files changed, 10 insertions, 1 deletions

diff --git a/actionpack/lib/action_controller/metal/strong_parameters.rb b/actionpack/lib/action_controller/metal/strong_parameters.rb
index ae600b1ebe..b495ab3f0f 100644
--- a/actionpack/lib/action_controller/metal/strong_parameters.rb
+++ b/actionpack/lib/action_controller/metal/strong_parameters.rb
@@ -421,7 +421,7 @@ module ActionController
 
         # Slicing filters out non-declared keys.
         slice(*filter.keys).each do |key, value|
-          return unless value
+          next unless value
 
           if filter[key] == EMPTY_ARRAY
             # Declaration { comment_ids: [] }.
diff --git a/actionpack/test/controller/parameters/parameters_permit_test.rb b/actionpack/test/controller/parameters/parameters_permit_test.rb
index 437da43d9b..84e007b5d0 100644
--- a/actionpack/test/controller/parameters/parameters_permit_test.rb
+++ b/actionpack/test/controller/parameters/parameters_permit_test.rb
@@ -107,6 +107,15 @@ class ParametersPermitTest < ActiveSupport::TestCase
     assert_equal [], permitted[:id]
   end
 
+  test 'do not break params filtering on nil values' do
+    params = ActionController::Parameters.new(a: 1, b: [1, 2, 3], c: nil)
+
+    permitted = params.permit(:a, c: [], b: [])
+    assert_equal 1, permitted[:a]
+    assert_equal [1, 2, 3], permitted[:b]
+    assert_equal nil, permitted[:c]
+  end
+
   test 'key to empty array: arrays of permitted scalars pass' do
     [['foo'], [1], ['foo', 'bar'], [1, 2, 3]].each do |array|
       params = ActionController::Parameters.new(id: array)