authorschneems <richard.schneeman@gmail.com>2016-01-19 11:45:34 -0600
committerschneems <richard.schneeman@gmail.com>2016-01-19 12:05:44 -0600
commit66d705b3e7c03f806f7481e0e6a1f157dcf86f83 (patch)
treeeb9ebf1e2adb8d59f657116bf2c298185cad936a /actionpack
parent3ea4476942d2ba5ddc0d3b2d1f3730455661b06a (diff)
[close #23084] Deprecated StrongParameters
We can provide a more flexible upgrade experience by warning users they are using unsafe methods instead of forcing the safe API by deprecating before removal. This PR provides this functionality.
Diffstat (limited to 'actionpack')
-rw-r--r--actionpack/lib/action_controller/metal/strong_parameters.rb16
-rw-r--r--actionpack/test/controller/required_params_test.rb6
2 files changed, 22 insertions, 0 deletions
diff --git a/actionpack/lib/action_controller/metal/strong_parameters.rb b/actionpack/lib/action_controller/metal/strong_parameters.rb
index 5cbf4157a4..043f69b7bc 100644
--- a/actionpack/lib/action_controller/metal/strong_parameters.rb
+++ b/actionpack/lib/action_controller/metal/strong_parameters.rb
@@ -580,6 +580,22 @@ module ActionController
dup
end
+ def method_missing(method_sym, *args, &block)
+ if @parameters.respond_to?(method_sym)
+ message = <<-DEPRECATE.squish
+ Method #{ method_sym } is deprecated and will be removed in Rails 5.1, as `ActionController::Parameters` no longer inherit from
+ hash. Using this deprecated behavior exposes potential security problems. if you continue to use this method
+ you may be creating a security vulunerability in your app that can be exploited. Instead, consider using one
+ of these public methods that will not be deprecated:
+ #{ public_methods.inspect }
+ DEPRECATE
+ ActiveSupport::Deprecation.warn(message)
+ @parameters.public_send(method_sym, *args, &block)
+ else
+ super
+ end
+ end
+
protected
def permitted=(new_permitted)
@permitted = new_permitted
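Review bot: The delegating branch of `method_missing` returns whatever `@parameters.public_send(method_sym, *args, &block)` returns, so as far as this hunk shows the result is not re-wrapped in `ActionController::Parameters` and carries no permitted state; the deprecation warning is then the only thing standing between unfiltered request data and mass assignment. Mutating methods such as the `merge!` used in the new test also change the underlying store directly. Consider stating that above the method, e.g. `# Deprecated Hash delegation: return values are unwrapped and unfiltered; never pass them to mass assignment.`, and fix the message text (`vulunerability` → `vulnerability`, `if you` → `If you`). `#{ public_methods.inspect }` also lists every inherited Object method, which buries the names the reader needs; `public_methods(false)` is probably closer to the intent.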
diff --git a/actionpack/test/controller/required_params_test.rb b/actionpack/test/controller/required_params_test.rb
index 168f64ce41..129a713564 100644
--- a/actionpack/test/controller/required_params_test.rb
+++ b/actionpack/test/controller/required_params_test.rb
@@ -65,4 +65,10 @@ class ParametersRequireTest < ActiveSupport::TestCase
.require([:first_name, :title])
end
end
+
+ test "Deprecated method are deprecated" do
+ assert_deprecated do
+ ActionController::Parameters.new(foo: "bar").merge!({bar: "foo"})
+ end
+ end
end
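Review bot: The new test only checks that a deprecation is emitted for `merge!`; it does not pin the `else` branch of `method_missing`, so a regression that forwards or swallows unknown methods would still pass. Add a case such as `assert_raises(NoMethodError) { ActionController::Parameters.new(foo: "bar").not_a_hash_method }`, and consider asserting what the delegated call returns, since that value is what reaches application code. The test name would read more clearly as `"deprecated Hash methods emit a deprecation warning"`.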