1 files changed, 47 insertions, 28 deletions

diff --git a/actionpack/lib/action_controller/metal/strong_parameters.rb b/actionpack/lib/action_controller/metal/strong_parameters.rb
index b326695ce2..d62e01d185 100644
--- a/actionpack/lib/action_controller/metal/strong_parameters.rb
+++ b/actionpack/lib/action_controller/metal/strong_parameters.rb
@@ -1,12 +1,13 @@
-require 'active_support/core_ext/hash/indifferent_access'
-require 'active_support/core_ext/hash/transform_values'
-require 'active_support/core_ext/array/wrap'
-require 'active_support/core_ext/string/filters'
-require 'active_support/rescuable'
-require 'action_dispatch/http/upload'
-require 'rack/test'
-require 'stringio'
-require 'set'
+require "active_support/core_ext/hash/indifferent_access"
+require "active_support/core_ext/hash/transform_values"
+require "active_support/core_ext/array/wrap"
+require "active_support/core_ext/string/filters"
+require "active_support/rescuable"
+require "action_dispatch/http/upload"
+require "rack/test"
+require "stringio"
+require "set"
+require "yaml"
 
 module ActionController
   # Raised when a required parameter is missing.
@@ -31,13 +32,13 @@ module ActionController
   #
   #   params = ActionController::Parameters.new(a: "123", b: "456")
   #   params.permit(:c)
-  #   # => ActionController::UnpermittedParameters: found unpermitted parameters: a, b
+  #   # => ActionController::UnpermittedParameters: found unpermitted parameters: :a, :b
   class UnpermittedParameters < IndexError
     attr_reader :params # :nodoc:
 
     def initialize(params) # :nodoc:
       @params = params
-      super("found unpermitted parameter#{'s' if params.size > 1 }: #{params.join(", ")}")
+      super("found unpermitted parameter#{'s' if params.size > 1 }: #{params.map { |e| ":#{e}" }.join(", ")}")
     end
   end
 
@@ -572,20 +573,6 @@ module ActionController
       convert_value_to_parameters(@parameters.values_at(*keys))
     end
 
-    # Returns an exact copy of the <tt>ActionController::Parameters</tt>
-    # instance. +permitted+ state is kept on the duped object.
-    #
-    #   params = ActionController::Parameters.new(a: 1)
-    #   params.permit!
-    #   params.permitted?        # => true
-    #   copy_params = params.dup # => <ActionController::Parameters {"a"=>1} permitted: true>
-    #   copy_params.permitted?   # => true
-    def dup
-      super.tap do |duplicate|
-        duplicate.permitted = @permitted
-      end
-    end
-
     # Returns a new <tt>ActionController::Parameters</tt> with all keys from
     # +other_hash+ merges into current hash.
     def merge(other_hash)
@@ -605,6 +592,33 @@ module ActionController
       "<#{self.class} #{@parameters} permitted: #{@permitted}>"
     end
 
+    def self.hook_into_yaml_loading # :nodoc:
+      # Wire up YAML format compatibility with Rails 4.2 and Psych 2.0.8 and 2.0.9+.
+      # Makes the YAML parser call `init_with` when it encounters the keys below
+      # instead of trying its own parsing routines.
+      YAML.load_tags["!ruby/hash-with-ivars:ActionController::Parameters"] = name
+      YAML.load_tags["!ruby/hash:ActionController::Parameters"] = name
+    end
+    hook_into_yaml_loading
+
+    def init_with(coder) # :nodoc:
+      case coder.tag
+      when "!ruby/hash:ActionController::Parameters"
+        # YAML 2.0.8's format where hash instance variables weren't stored.
+        @parameters = coder.map.with_indifferent_access
+        @permitted  = false
+      when "!ruby/hash-with-ivars:ActionController::Parameters"
+        # YAML 2.0.9's Hash subclass format where keys and values
+        # were stored under an elements hash and `permitted` within an ivars hash.
+        @parameters = coder.map["elements"].with_indifferent_access
+        @permitted  = coder.map["ivars"][:@permitted]
+      when "!ruby/object:ActionController::Parameters"
+        # YAML's Object format. Only needed because of the format
+        # backwardscompability above, otherwise equivalent to YAML's initialization.
+        @parameters, @permitted = coder.map["parameters"], coder.map["permitted"]
+      end
+    end
+
     def method_missing(method_sym, *args, &block)
       if @parameters.respond_to?(method_sym)
         message = <<-DEPRECATE.squish
@@ -705,7 +719,7 @@ module ActionController
       end
 
       def unpermitted_keys(params)
-        self.keys - params.keys - self.always_permitted_parameters
+        keys - params.keys - always_permitted_parameters
       end
 
       #
@@ -736,7 +750,7 @@ module ActionController
       ]
 
       def permitted_scalar?(value)
-        PERMITTED_SCALAR_TYPES.any? {|type| value.is_a?(type)}
+        PERMITTED_SCALAR_TYPES.any? { |type| value.is_a?(type) }
       end
 
       def permitted_scalar_filter(params, key)
@@ -752,7 +766,7 @@ module ActionController
       end
 
       def array_of_permitted_scalars?(value)
-        if value.is_a?(Array) && value.all? {|element| permitted_scalar?(element)}
+        if value.is_a?(Array) && value.all? { |element| permitted_scalar?(element) }
           yield value
         end
       end
@@ -783,6 +797,11 @@ module ActionController
           end
         end
       end
+
+      def initialize_copy(source)
+        super
+        @parameters = @parameters.dup
+      end
   end
 
   # == Strong \Parameters