aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack
diff options
context:
space:
mode:
authorMatthew Draper <matthew@trebex.net>2016-07-12 05:54:26 +0930
committerGitHub <noreply@github.com>2016-07-12 05:54:26 +0930
commite6352dbbb591abcc04feeecd14308b375241047c (patch)
treef69b3d6db22d295588355f32565ecc91aac8c59b /actionpack
parent629dde297ce5e4b7614fbb0218f2593effaf7e28 (diff)
parent96070595697477676ea051c19c2c951901302bed (diff)
downloadrails-e6352dbbb591abcc04feeecd14308b375241047c.tar.gz
rails-e6352dbbb591abcc04feeecd14308b375241047c.tar.bz2
rails-e6352dbbb591abcc04feeecd14308b375241047c.zip
Merge pull request #25735 from timrogers/actioncontroller-parameters-dup
Stop changes to a dupped `ActionController::Parameters` mutating the original
Diffstat (limited to 'actionpack')
-rw-r--r--actionpack/lib/action_controller/metal/strong_parameters.rb19
-rw-r--r--actionpack/test/controller/parameters/dup_test.rb43
2 files changed, 48 insertions, 14 deletions
diff --git a/actionpack/lib/action_controller/metal/strong_parameters.rb b/actionpack/lib/action_controller/metal/strong_parameters.rb
index b326695ce2..26794c67b7 100644
--- a/actionpack/lib/action_controller/metal/strong_parameters.rb
+++ b/actionpack/lib/action_controller/metal/strong_parameters.rb
@@ -572,20 +572,6 @@ module ActionController
convert_value_to_parameters(@parameters.values_at(*keys))
end
- # Returns an exact copy of the <tt>ActionController::Parameters</tt>
- # instance. +permitted+ state is kept on the duped object.
- #
- # params = ActionController::Parameters.new(a: 1)
- # params.permit!
- # params.permitted? # => true
- # copy_params = params.dup # => <ActionController::Parameters {"a"=>1} permitted: true>
- # copy_params.permitted? # => true
- def dup
- super.tap do |duplicate|
- duplicate.permitted = @permitted
- end
- end
-
# Returns a new <tt>ActionController::Parameters</tt> with all keys from
# +other_hash+ merges into current hash.
def merge(other_hash)
@@ -783,6 +769,11 @@ module ActionController
end
end
end
+
+ def initialize_copy(source)
+ super
+ @parameters = @parameters.dup
+ end
end
# == Strong \Parameters
diff --git a/actionpack/test/controller/parameters/dup_test.rb b/actionpack/test/controller/parameters/dup_test.rb
new file mode 100644
index 0000000000..ac5a9d94d0
--- /dev/null
+++ b/actionpack/test/controller/parameters/dup_test.rb
@@ -0,0 +1,43 @@
+require 'abstract_unit'
+require 'action_controller/metal/strong_parameters'
+
+class ParametersDupTest < ActiveSupport::TestCase
+ setup do
+ ActionController::Parameters.permit_all_parameters = false
+
+ @params = ActionController::Parameters.new(
+ person: {
+ age: '32',
+ name: {
+ first: 'David',
+ last: 'Heinemeier Hansson'
+ },
+ addresses: [{city: 'Chicago', state: 'Illinois'}]
+ }
+ )
+ end
+
+ test "a duplicate maintains the original's permitted status" do
+ @params.permit!
+ dupped_params = @params.dup
+ assert dupped_params.permitted?
+ end
+
+ test "a duplicate maintains the original's parameters" do
+ @params.permit!
+ dupped_params = @params.dup
+ assert_equal @params.to_h, dupped_params.to_h
+ end
+
+ test "changes to a duplicate's parameters do not affect the original" do
+ dupped_params = @params.dup
+ dupped_params.delete(:person)
+ assert_not_equal @params, dupped_params
+ end
+
+ test "changes tp a duplicate's permitted status do not affect the original" do
+ dupped_params = @params.dup
+ dupped_params.permit!
+ assert_not_equal @params, dupped_params
+ end
+end
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-18 11:40:39 +0000