diff options
| author | Andrew White <andyw@pixeltrix.co.uk> | 2012-11-09 15:21:05 +0000 |
|---|---|---|
| committer | Andrew White <andyw@pixeltrix.co.uk> | 2012-11-09 15:31:00 +0000 |
| commit | 42cfacfe81b20b454f0d915beb934e62618c38a6 (patch) | |
| tree | 5a67fe241a73d8bafe89ababe7abe4fda56562f8 /activerecord | |
| parent | e56b8900f9b7704db8a01f5c54ee48f5935f406f (diff) | |
| download | rails-42cfacfe81b20b454f0d915beb934e62618c38a6.tar.gz rails-42cfacfe81b20b454f0d915beb934e62618c38a6.tar.bz2 rails-42cfacfe81b20b454f0d915beb934e62618c38a6.zip | |
Gracefully handle upgrading apps with mass assigment configs
Most apps upgrading from 3.x will have options for mass assigment in
their application.rb and environments/*.rb config files. Rather than
just raising a NoMethodError when copying the config, this commit
adds a warning message until either the protected_attributes gem
is installed or the relevant config options are removed.
Diffstat (limited to 'activerecord')
| -rw-r--r-- | activerecord/lib/active_record/railtie.rb | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/activerecord/lib/active_record/railtie.rb b/activerecord/lib/active_record/railtie.rb index 77e41ea927..4ba35fe513 100644 --- a/activerecord/lib/active_record/railtie.rb +++ b/activerecord/lib/active_record/railtie.rb @@ -92,6 +92,33 @@ module ActiveRecord initializer "active_record.set_configs" do |app| ActiveSupport.on_load(:active_record) do + begin + old_behavior, ActiveSupport::Deprecation.behavior = ActiveSupport::Deprecation.behavior, :stderr + whitelist_attributes = app.config.active_record.delete(:whitelist_attributes) + + if respond_to?(:mass_assignment_sanitizer=) + mass_assignment_sanitizer = nil + else + mass_assignment_sanitizer = app.config.active_record.delete(:mass_assignment_sanitizer) + end + + unless whitelist_attributes.nil? && mass_assignment_sanitizer.nil? + ActiveSupport::Deprecation.warn <<-EOF.strip_heredoc, [] + Model based mass assignment security has been extracted + out of Rails into a gem. Please use the new recommended protection model for + params or add `protected_attributes` to your Gemfile to use the old one. + + To disable this message remove the `whitelist_attributes` option from your + `config/application.rb` file and any `mass_assignment_sanitizer` options + from your `config/environments/*.rb` files. + + See http://edgeguides.rubyonrails.org/security.html#mass-assignment for more information + EOF + end + ensure + ActiveSupport::Deprecation.behavior = old_behavior + end + app.config.active_record.each do |k,v| send "#{k}=", v end |