2 files changed, 34 insertions, 9 deletions

diff --git a/actionpack/lib/action_controller/metal/hide_actions.rb b/actionpack/lib/action_controller/metal/hide_actions.rb
index 420b22cf56..2aa6b7adaf 100644
--- a/actionpack/lib/action_controller/metal/hide_actions.rb
+++ b/actionpack/lib/action_controller/metal/hide_actions.rb
@@ -26,20 +26,14 @@ module ActionController
         self.hidden_actions = hidden_actions.dup.merge(args.map(&:to_s)).freeze
       end
 
-      def inherited(klass)
-        klass.class_eval { @visible_actions = {} }
-        super
-      end
-
       def visible_action?(action_name)
-        return @visible_actions[action_name] if @visible_actions.key?(action_name)
-        @visible_actions[action_name] = !hidden_actions.include?(action_name)
+        action_methods.include?(action_name)
       end
 
       # Overrides AbstractController::Base#action_methods to remove any methods
       # that are listed as hidden methods.
       def action_methods
-        @action_methods ||= Set.new(super.reject { |name| hidden_actions.include?(name) })
+        @action_methods ||= Set.new(super.reject { |name| hidden_actions.include?(name) }).freeze
       end
     end
   end
diff --git a/actionpack/lib/action_controller/metal/strong_parameters.rb b/actionpack/lib/action_controller/metal/strong_parameters.rb
index c9a81e4866..e33201b273 100644
--- a/actionpack/lib/action_controller/metal/strong_parameters.rb
+++ b/actionpack/lib/action_controller/metal/strong_parameters.rb
@@ -112,6 +112,11 @@ module ActionController
     #   params.permitted?  # => true
     #   Person.new(params) # => #<Person id: nil, name: "Francesco">
     def permit!
+      each_pair do |key, value|
+        convert_hashes_to_parameters(key, value)
+        self[key].permit! if self[key].respond_to? :permit!
+      end
+
       @permitted = true
       self
     end
@@ -166,13 +171,39 @@ module ActionController
     #   permitted[:person][:age]                # => nil
     #   permitted[:person][:pets][0][:name]     # => "Purplish"
     #   permitted[:person][:pets][0][:category] # => nil
+    #
+    # Note that if you use +permit+ in a key that points to a hash,
+    # it won't allow all the hash. You also need to specify which
+    # attributes inside the hash should be whitelisted.
+    #
+    #   params = ActionController::Parameters.new({
+    #     person: {
+    #       contact: {
+    #         email: 'none@test.com'
+    #         phone: '555-1234'
+    #       }
+    #     }
+    #   })
+    #
+    #   params.require(:person).permit(:contact)
+    #   # => {}
+    #
+    #   params.require(:person).permit(contact: :phone)
+    #   # => {"contact"=>{"phone"=>"555-1234"}}
+    #
+    #   params.require(:person).permit(contact: [ :email, :phone ])
+    #   # => {"contact"=>{"email"=>"none@test.com", "phone"=>"555-1234"}}
     def permit(*filters)
       params = self.class.new
 
       filters.each do |filter|
         case filter
         when Symbol, String then
-          params[filter] = self[filter] if has_key?(filter)
+          if has_key?(filter)
+            _value = self[filter]
+            params[filter] = _value unless Hash === _value
+          end
+          keys.grep(/\A#{Regexp.escape(filter)}\(\d+[if]?\)\z/) { |key| params[key] = self[key] }
         when Hash then
           self.slice(*filter.keys).each do |key, values|
             return unless values