Fix AC::Parameters not being sanitized for query methods.

author: Guo Xiang Tan <tgx_world@hotmail.com> 2015-10-02 16:26:16 +0800
committer: Guo Xiang Tan <tgx_world@hotmail.com> 2015-10-02 16:26:16 +0800
commit: 7d0b1e4847d1812b067e03266ca97d7bcb29d706 (patch)
tree: ae9729d69065fd68ca662a835d62c07e0e63cfc0 /activemodel/lib
parent: 9db73a2591e43d1851411727d6594a72efa35663 (diff)
download: rails-7d0b1e4847d1812b067e03266ca97d7bcb29d706.tar.gz
rails-7d0b1e4847d1812b067e03266ca97d7bcb29d706.tar.bz2
rails-7d0b1e4847d1812b067e03266ca97d7bcb29d706.zip
1 files changed, 3 insertions, 2 deletions
diff --git a/activemodel/lib/active_model/forbidden_attributes_protection.rb b/activemodel/lib/active_model/forbidden_attributes_protection.rb
index b4fa378601..d2c6a89cc2 100644
--- a/activemodel/lib/active_model/forbidden_attributes_protection.rb
+++ b/activemodel/lib/active_model/forbidden_attributes_protection.rb
@@ -17,8 +17,9 @@ module ActiveModel
   module ForbiddenAttributesProtection # :nodoc:
     protected
       def sanitize_for_mass_assignment(attributes)
-        if attributes.respond_to?(:permitted?) && !attributes.permitted?
-          raise ActiveModel::ForbiddenAttributesError
+        if attributes.respond_to?(:permitted?)
+          raise ActiveModel::ForbiddenAttributesError if !attributes.permitted?
+          attributes.to_h
         else
           attributes
         end
author	Guo Xiang Tan <tgx_world@hotmail.com>	2015-10-02 16:26:16 +0800
committer	Guo Xiang Tan <tgx_world@hotmail.com>	2015-10-02 16:26:16 +0800
commit	7d0b1e4847d1812b067e03266ca97d7bcb29d706 (patch)
tree	ae9729d69065fd68ca662a835d62c07e0e63cfc0 /activemodel/lib
parent	9db73a2591e43d1851411727d6594a72efa35663 (diff)
download	rails-7d0b1e4847d1812b067e03266ca97d7bcb29d706.tar.gz rails-7d0b1e4847d1812b067e03266ca97d7bcb29d706.tar.bz2 rails-7d0b1e4847d1812b067e03266ca97d7bcb29d706.zip