diff options
| author | Josua Schmid <josua.schmid@renuo.ch> | 2019-02-12 16:58:59 +0100 |
|---|---|---|
| committer | Josua Schmid <josua.schmid@renuo.ch> | 2019-03-26 13:53:41 +0100 |
| commit | 25f2e0c39da2b9c61db75df2d767ee9c10d583b8 (patch) | |
| tree | b87fef53330be34a1ddd271af5e0ea2d49a42ba7 /actionpack | |
| parent | 08a435fa8c2307e78436eeaad43bfae7a54b2ab4 (diff) | |
| download | rails-25f2e0c39da2b9c61db75df2d767ee9c10d583b8.tar.gz rails-25f2e0c39da2b9c61db75df2d767ee9c10d583b8.tar.bz2 rails-25f2e0c39da2b9c61db75df2d767ee9c10d583b8.zip | |
Raise if resource custom params contain colons
After this change it's not possible anymore to configure routes
like this:
routes.draw do
resources :users, param: "name/:sneaky"
end
Fixes #30467.
Diffstat (limited to 'actionpack')
| -rw-r--r-- | actionpack/CHANGELOG.md | 15 | ||||
| -rw-r--r-- | actionpack/lib/action_dispatch/routing/mapper.rb | 4 | ||||
| -rw-r--r-- | actionpack/test/dispatch/routing_test.rb | 10 |
3 files changed, 29 insertions, 0 deletions
diff --git a/actionpack/CHANGELOG.md b/actionpack/CHANGELOG.md index 2df6f5fc09..9931a0de81 100644 --- a/actionpack/CHANGELOG.md +++ b/actionpack/CHANGELOG.md @@ -1,3 +1,18 @@ +* Raise an `ArgumentError` if a resource custom param contains a colon (`:`). + + After this change it's not possible anymore to configure routes like this: + + ``` + routes.draw do + resources :users, param: 'name/:sneaky' + end + ``` + + Fixes #30467. + + *Josua Schmid* + + ## Rails 6.0.0.beta3 (March 11, 2019) ## * No changes. diff --git a/actionpack/lib/action_dispatch/routing/mapper.rb b/actionpack/lib/action_dispatch/routing/mapper.rb index da3ade652e..2d2073de9a 100644 --- a/actionpack/lib/action_dispatch/routing/mapper.rb +++ b/actionpack/lib/action_dispatch/routing/mapper.rb @@ -1141,6 +1141,10 @@ module ActionDispatch attr_reader :controller, :path, :param def initialize(entities, api_only, shallow, options = {}) + if options[:param].to_s.include?(":") + raise ArgumentError, ":param option can't contain colons" + end + @name = entities.to_s @path = (options[:path] || @name).to_s @controller = (options[:controller] || @name).to_s diff --git a/actionpack/test/dispatch/routing_test.rb b/actionpack/test/dispatch/routing_test.rb index 897d17885e..7b763ec2bd 100644 --- a/actionpack/test/dispatch/routing_test.rb +++ b/actionpack/test/dispatch/routing_test.rb @@ -3338,6 +3338,16 @@ class TestRoutingMapper < ActionDispatch::IntegrationTest assert_equal "0c0c0b68-d24b-11e1-a861-001ff3fffe6f", @request.params[:download] end + def test_colon_containing_custom_param + ex = assert_raises(ArgumentError) { + draw do + resources :profiles, param: "username/:is_admin" + end + } + + assert_match(/:param option can't contain colon/, ex.message) + end + def test_action_from_path_is_not_frozen draw do get "search" => "search" |