author | Sean Griffin <sean@seantheprogrammer.com> | 2015-10-02 08:30:20 -0400 |
---|---|---|
committer | Sean Griffin <sean@seantheprogrammer.com> | 2015-10-02 08:30:20 -0400 |
commit | a9f66de35266ae3ccf272009863fb26fdb6bcf27 (patch) | |
tree | caefd4681ad6d143095a90eda63f090b8e54fc0f /activemodel | |
parent | b15b72233ca8eb565f5a7f4585d891ab99ea06fb (diff) | |
parent | 7d0b1e4847d1812b067e03266ca97d7bcb29d706 (diff) | |
Merge pull request #21539 from tgxworld/parameters_not_sanitized
Fix AC::Parameters not being sanitized for query methods.
Diffstat (limited to 'activemodel')
-rw-r--r-- | activemodel/lib/active_model/forbidden_attributes_protection.rb | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/activemodel/lib/active_model/forbidden_attributes_protection.rb b/activemodel/lib/active_model/forbidden_attributes_protection.rb
index b4fa378601..d2c6a89cc2 100644
--- a/activemodel/lib/active_model/forbidden_attributes_protection.rb
+++ b/activemodel/lib/active_model/forbidden_attributes_protection.rb
@@ -17,8 +17,9 @@ module ActiveModel
 module ForbiddenAttributesProtection # :nodoc:
 protected
 def sanitize_for_mass_assignment(attributes)
- if attributes.respond_to?(:permitted?) && !attributes.permitted?
- raise ActiveModel::ForbiddenAttributesError
+ if attributes.respond_to?(:permitted?)
+ raise ActiveModel::ForbiddenAttributesError if !attributes.permitted?
+ attributes.to_h
 else
 attributes
 end |
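Review bot: The permitted branch of `sanitize_for_mass_assignment` now calls `attributes.to_h` on anything that responds to `permitted?`, so the duck-typed contract grows from one method to two without saying so. An object that implements `permitted?` but not `to_h` used to pass through and would now raise NoMethodError, and the method returns a different type depending on the branch taken. Since the module is `:nodoc:`, I would record the intent above the `if`, for example `# Permitted parameter objects are returned as a plain hash; anything without #permitted? passes through unchanged.`, which presumably matches the query-method fix named in the commit title. Keeping the raise ahead of the conversion is the right fail-closed order, and it reads more clearly as `raise ActiveModel::ForbiddenAttributesError unless attributes.permitted?`. The method's closing `end` lies outside the hunk.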