diff options
| author | Aaron Patterson <aaron.patterson@gmail.com> | 2012-05-31 11:25:19 -0700 |
|---|---|---|
| committer | Aaron Patterson <aaron.patterson@gmail.com> | 2012-05-31 11:25:19 -0700 |
| commit | 5f91ea3dc1ed3fa1c6be2cff7de1d1663990b0c3 (patch) | |
| tree | ed5851f76e6fb1852c3f37aed743250cbdb7dd62 /actionpack | |
| parent | 51af1e25789728248078db6b17989b252ac2e53c (diff) | |
| parent | 060c91cd59ab86583a8f2f52142960d3433f62f5 (diff) | |
| download | rails-5f91ea3dc1ed3fa1c6be2cff7de1d1663990b0c3.tar.gz rails-5f91ea3dc1ed3fa1c6be2cff7de1d1663990b0c3.tar.bz2 rails-5f91ea3dc1ed3fa1c6be2cff7de1d1663990b0c3.zip | |
Merge branch 'master-sec'
* master-sec:
Strip [nil] from parameters hash. Thanks to Ben Murphy for reporting this!
predicate builder should not recurse for determining where columns. Thanks to Ben Murphy for reporting this
Diffstat (limited to 'actionpack')
| -rw-r--r-- | actionpack/lib/action_dispatch/http/request.rb | 22 | ||||
| -rw-r--r-- | actionpack/test/dispatch/request/query_string_parsing_test.rb | 7 |
2 files changed, 28 insertions, 1 deletions
diff --git a/actionpack/lib/action_dispatch/http/request.rb b/actionpack/lib/action_dispatch/http/request.rb index aa5ba3e8a5..6757a53bd1 100644 --- a/actionpack/lib/action_dispatch/http/request.rb +++ b/actionpack/lib/action_dispatch/http/request.rb @@ -263,6 +263,28 @@ module ActionDispatch LOCALHOST =~ remote_addr && LOCALHOST =~ remote_ip end + protected + + # Remove nils from the params hash + def deep_munge(hash) + hash.each_value do |v| + case v + when Array + v.grep(Hash) { |x| deep_munge(x) } + when Hash + deep_munge(v) + end + end + + keys = hash.keys.find_all { |k| hash[k] == [nil] } + keys.each { |k| hash[k] = nil } + hash + end + + def parse_query(qs) + deep_munge(super) + end + private def check_method(name) diff --git a/actionpack/test/dispatch/request/query_string_parsing_test.rb b/actionpack/test/dispatch/request/query_string_parsing_test.rb index c3f009ab15..6ea66f9d32 100644 --- a/actionpack/test/dispatch/request/query_string_parsing_test.rb +++ b/actionpack/test/dispatch/request/query_string_parsing_test.rb @@ -81,7 +81,12 @@ class QueryStringParsingTest < ActionDispatch::IntegrationTest end test "query string without equal" do - assert_parses({ "action" => nil }, "action") + assert_parses({"action" => nil}, "action") + assert_parses({"action" => {"foo" => nil}}, "action[foo]") + assert_parses({"action" => {"foo" => { "bar" => nil }}}, "action[foo][bar]") + assert_parses({"action" => {"foo" => { "bar" => nil }}}, "action[foo][bar][]") + assert_parses({"action" => {"foo" => nil}}, "action[foo][]") + assert_parses({"action"=>{"foo"=>[{"bar"=>nil}]}}, "action[foo][][bar]") end test "query string with empty key" do |