diff options
-rw-r--r-- | actionpack/lib/action_controller/metal/strong_parameters.rb | 16 | ||||
-rw-r--r-- | actionpack/test/controller/required_params_test.rb | 6 |
2 files changed, 22 insertions, 0 deletions
diff --git a/actionpack/lib/action_controller/metal/strong_parameters.rb b/actionpack/lib/action_controller/metal/strong_parameters.rb index 5cbf4157a4..043f69b7bc 100644 --- a/actionpack/lib/action_controller/metal/strong_parameters.rb +++ b/actionpack/lib/action_controller/metal/strong_parameters.rb @@ -580,6 +580,22 @@ module ActionController dup end + def method_missing(method_sym, *args, &block) + if @parameters.respond_to?(method_sym) + message = <<-DEPRECATE.squish + Method #{ method_sym } is deprecated and will be removed in Rails 5.1, as `ActionController::Parameters` no longer inherit from + hash. Using this deprecated behavior exposes potential security problems. if you continue to use this method + you may be creating a security vulunerability in your app that can be exploited. Instead, consider using one + of these public methods that will not be deprecated: + #{ public_methods.inspect } + DEPRECATE + ActiveSupport::Deprecation.warn(message) + @parameters.public_send(method_sym, *args, &block) + else + super + end + end + protected def permitted=(new_permitted) @permitted = new_permitted diff --git a/actionpack/test/controller/required_params_test.rb b/actionpack/test/controller/required_params_test.rb index 168f64ce41..129a713564 100644 --- a/actionpack/test/controller/required_params_test.rb +++ b/actionpack/test/controller/required_params_test.rb @@ -65,4 +65,10 @@ class ParametersRequireTest < ActiveSupport::TestCase .require([:first_name, :title]) end end + + test "Deprecated method are deprecated" do + assert_deprecated do + ActionController::Parameters.new(foo: "bar").merge!({bar: "foo"}) + end + end end |