diff options
| author | Godfrey Chan <godfreykfc@gmail.com> | 2014-12-15 14:46:32 -0800 |
|---|---|---|
| committer | Godfrey Chan <godfreykfc@gmail.com> | 2014-12-15 14:46:32 -0800 |
| commit | 488aefe7426bbd6f071019dff4c4cd1fbfd56742 (patch) | |
| tree | c6d6a90582aa07f37502e34f301a750072f28779 /guides/source | |
| parent | 485723e87a969984c054f68d1781cf99f8a68a5f (diff) | |
| parent | 8f8ccb9901cab457c6e1d52bdb25acf658fd5777 (diff) | |
| download | rails-488aefe7426bbd6f071019dff4c4cd1fbfd56742.tar.gz rails-488aefe7426bbd6f071019dff4c4cd1fbfd56742.tar.bz2 rails-488aefe7426bbd6f071019dff4c4cd1fbfd56742.zip | |
Merge pull request #16924 from Sinjo/params-deep-munge-empty-array
Don't convert empty arrays to nils when deep munging params
Diffstat (limited to 'guides/source')
| -rw-r--r-- | guides/source/action_controller_overview.md | 4 | ||||
| -rw-r--r-- | guides/source/security.md | 8 |
2 files changed, 6 insertions, 6 deletions
diff --git a/guides/source/action_controller_overview.md b/guides/source/action_controller_overview.md index 4e36a62583..57546da389 100644 --- a/guides/source/action_controller_overview.md +++ b/guides/source/action_controller_overview.md @@ -112,8 +112,8 @@ NOTE: The actual URL in this example will be encoded as "/clients?ids%5b%5d=1&id The value of `params[:ids]` will now be `["1", "2", "3"]`. Note that parameter values are always strings; Rails makes no attempt to guess or cast the type. -NOTE: Values such as `[]`, `[nil]` or `[nil, nil, ...]` in `params` are replaced -with `nil` for security reasons by default. See [Security Guide](security.html#unsafe-query-generation) +NOTE: Values such as `[nil]` or `[nil, nil, ...]` in `params` are replaced +with `[]` for security reasons by default. See [Security Guide](security.html#unsafe-query-generation) for more information. To send a hash you include the key name inside the brackets: diff --git a/guides/source/security.md b/guides/source/security.md index b1c5b22338..b3869b1ba5 100644 --- a/guides/source/security.md +++ b/guides/source/security.md @@ -942,7 +942,7 @@ unless params[:token].nil? end ``` -When `params[:token]` is one of: `[]`, `[nil]`, `[nil, nil, ...]` or +When `params[:token]` is one of: `[nil]`, `[nil, nil, ...]` or `['foo', nil]` it will bypass the test for `nil`, but `IS NULL` or `IN ('foo', NULL)` where clauses still will be added to the SQL query. @@ -953,9 +953,9 @@ request: | JSON | Parameters | |-----------------------------------|--------------------------| | `{ "person": null }` | `{ :person => nil }` | -| `{ "person": [] }` | `{ :person => nil }` | -| `{ "person": [null] }` | `{ :person => nil }` | -| `{ "person": [null, null, ...] }` | `{ :person => nil }` | +| `{ "person": [] }` | `{ :person => [] }` | +| `{ "person": [null] }` | `{ :person => [] }` | +| `{ "person": [null, null, ...] }` | `{ :person => [] }` | | `{ "person": ["foo", null] }` | `{ :person => ["foo"] }` | It is possible to return to old behaviour and disable `deep_munge` configuring |