diff options
Diffstat (limited to 'actionpack/lib/action_controller/metal')
-rw-r--r-- | actionpack/lib/action_controller/metal/strong_parameters.rb | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/actionpack/lib/action_controller/metal/strong_parameters.rb b/actionpack/lib/action_controller/metal/strong_parameters.rb index e6e58ce6cd..317cf101b7 100644 --- a/actionpack/lib/action_controller/metal/strong_parameters.rb +++ b/actionpack/lib/action_controller/metal/strong_parameters.rb @@ -19,6 +19,20 @@ module ActionController end end + # Raised when a supplied parameter is not expected. + # + # params = ActionController::Parameters.new(a: "123", b: "456") + # params.permit(:c) + # # => ActionController::UnexpectedParameter: found unexpected keys: a, b + class UnexpectedParameters < IndexError + attr_reader :params + + def initialize(params) + @params = params + super("found unpermitted parameters: #{params.join(", ")}") + end + end + # == Action Controller \Parameters # # Allows to choose which attributes should be whitelisted for mass updating @@ -65,6 +79,7 @@ module ActionController # params["key"] # => "value" class Parameters < ActiveSupport::HashWithIndifferentAccess cattr_accessor :permit_all_parameters, instance_accessor: false + cattr_accessor :action_on_unpermitted, instance_accessor: false # Returns a new instance of <tt>ActionController::Parameters</tt>. # Also, sets the +permitted+ attribute to the default value of @@ -222,6 +237,16 @@ module ActionController end end + unpermitted_keys = self.keys - params.keys + if unpermitted_keys.any? + case self.class.action_on_unpermitted + when :log + ActionController::Base.logger.debug "Unpermitted parameters: #{unpermitted_keys.join(", ")}" + when :raise + raise ActionController::UnexpectedParameters.new(unpermitted_keys) + end + end + params.permit! end |