diff options
-rw-r--r-- | actionview/CHANGELOG.md | 10 | ||||
-rw-r--r-- | actionview/lib/action_view/helpers/form_options_helper.rb | 2 |
2 files changed, 11 insertions, 1 deletions
diff --git a/actionview/CHANGELOG.md b/actionview/CHANGELOG.md index 6d45cc1d8a..8597fea48d 100644 --- a/actionview/CHANGELOG.md +++ b/actionview/CHANGELOG.md @@ -1,3 +1,13 @@ +* Stop exposing public methods in view's helpers. + + For example, in methods like `options_from_collection_for_select`, + it was possible to call private methods from the objects used. + + See [#33546](https://github.com/rails/rails/issues/33546) for details. + + *[Ana María Martínez Gómez](https://github.com/Ana06)* + + * Fix issue with `button_to`'s `to_form_params` `button_to` was throwing exception when invoked with `params` hash that diff --git a/actionview/lib/action_view/helpers/form_options_helper.rb b/actionview/lib/action_view/helpers/form_options_helper.rb index 7884a8d997..9c0238a01a 100644 --- a/actionview/lib/action_view/helpers/form_options_helper.rb +++ b/actionview/lib/action_view/helpers/form_options_helper.rb @@ -802,7 +802,7 @@ module ActionView end def value_for_collection(item, value) - value.respond_to?(:call) ? value.call(item) : item.send(value) + value.respond_to?(:call) ? value.call(item) : item.public_send(value) end def prompt_text(prompt) |