9 files changed, 36 insertions, 26 deletions
diff --git a/actionpack/lib/action_controller/api.rb b/actionpack/lib/action_controller/api.rb
index 94698df730..2bfa65021d 100644
--- a/actionpack/lib/action_controller/api.rb
+++ b/actionpack/lib/action_controller/api.rb
@@ -1,6 +1,6 @@
 require "action_view"
 require "action_controller"
-require "action_controller/log_subscriber"
+require_relative "log_subscriber"
 
 module ActionController
   # API Controller is a lightweight version of <tt>ActionController::Base</tt>,
diff --git a/actionpack/lib/action_controller/base.rb b/actionpack/lib/action_controller/base.rb
index 8c2b111f89..6e195fa359 100644
--- a/actionpack/lib/action_controller/base.rb
+++ b/actionpack/lib/action_controller/base.rb
@@ -1,6 +1,6 @@
 require "action_view"
-require "action_controller/log_subscriber"
-require "action_controller/metal/params_wrapper"
+require_relative "log_subscriber"
+require_relative "metal/params_wrapper"
 
 module ActionController
   # Action Controllers are the core of a web request in \Rails. They are made up of one or more actions that are executed
diff --git a/actionpack/lib/action_controller/log_subscriber.rb b/actionpack/lib/action_controller/log_subscriber.rb
index d00fcbcd13..5d75393897 100644
--- a/actionpack/lib/action_controller/log_subscriber.rb
+++ b/actionpack/lib/action_controller/log_subscriber.rb
@@ -24,7 +24,7 @@ module ActionController
           exception_class_name = payload[:exception].first
           status = ActionDispatch::ExceptionWrapper.status_code_for_exception(exception_class_name)
         end
-        message = "Completed #{status} #{Rack::Utils::HTTP_STATUS_CODES[status]} in #{event.duration.round}ms"
+        message = "Completed #{status} #{Rack::Utils::HTTP_STATUS_CODES[status]} in #{event.duration.round}ms".dup
         message << " (#{additions.join(" | ".freeze)})" unless additions.empty?
         message << "\n\n" if defined?(Rails.env) && Rails.env.development?
 
diff --git a/actionpack/lib/action_controller/metal/data_streaming.rb b/actionpack/lib/action_controller/metal/data_streaming.rb
index 731e03e2fc..3dbdd4a1b6 100644
--- a/actionpack/lib/action_controller/metal/data_streaming.rb
+++ b/actionpack/lib/action_controller/metal/data_streaming.rb
@@ -1,4 +1,4 @@
-require "action_controller/metal/exceptions"
+require_relative "exceptions"
 
 module ActionController #:nodoc:
   # Methods for sending arbitrary data and for streaming files to the browser,
diff --git a/actionpack/lib/action_controller/metal/params_wrapper.rb b/actionpack/lib/action_controller/metal/params_wrapper.rb
index 68881b8402..818af549eb 100644
--- a/actionpack/lib/action_controller/metal/params_wrapper.rb
+++ b/actionpack/lib/action_controller/metal/params_wrapper.rb
@@ -232,12 +232,7 @@ module ActionController
     # by the metal call stack.
     def process_action(*args)
       if _wrapper_enabled?
-        if request.parameters[_wrapper_key].present?
-          wrapped_hash = _extract_parameters(request.parameters)
-        else
-          wrapped_hash = _wrap_parameters request.request_parameters
-        end
-
+        wrapped_hash = _wrap_parameters request.request_parameters
         wrapped_keys = request.request_parameters.keys
         wrapped_filtered_hash = _wrap_parameters request.filtered_parameters.slice(*wrapped_keys)
 
@@ -282,7 +277,7 @@ module ActionController
         return false unless request.has_content_type?
 
         ref = request.content_mime_type.ref
-        _wrapper_formats.include?(ref) && _wrapper_key && !request.request_parameters[_wrapper_key]
+        _wrapper_formats.include?(ref) && _wrapper_key && !request.parameters.key?(_wrapper_key)
       end
   end
 end
diff --git a/actionpack/lib/action_controller/metal/request_forgery_protection.rb b/actionpack/lib/action_controller/metal/request_forgery_protection.rb
index 5051c02a62..4468cbb2fc 100644
--- a/actionpack/lib/action_controller/metal/request_forgery_protection.rb
+++ b/actionpack/lib/action_controller/metal/request_forgery_protection.rb
@@ -1,5 +1,5 @@
 require "rack/session/abstract/id"
-require "action_controller/metal/exceptions"
+require_relative "exceptions"
 require "active_support/security_utils"
 
 module ActionController #:nodoc:
diff --git a/actionpack/lib/action_controller/metal/strong_parameters.rb b/actionpack/lib/action_controller/metal/strong_parameters.rb
index cd99e3125f..a1b8b7cd6e 100644
--- a/actionpack/lib/action_controller/metal/strong_parameters.rb
+++ b/actionpack/lib/action_controller/metal/strong_parameters.rb
@@ -180,6 +180,14 @@ module ActionController
     # Returns a new array of the keys of the parameters.
 
     ##
+    # :method: to_s
+    #
+    # :call-seq:
+    #   to_s()
+    #
+    # Returns the content of the parameters as a string.
+
+    ##
     # :method: value?
     #
     # :call-seq:
@@ -195,7 +203,7 @@ module ActionController
     #
     # Returns a new array of the values of the parameters.
     delegate :keys, :key?, :has_key?, :values, :has_value?, :value?, :empty?, :include?,
-      :as_json, to: :@parameters
+      :as_json, :to_s, to: :@parameters
 
     # By default, never raise an UnpermittedParameters exception if these
     # params are present. The default includes both 'controller' and 'action'
@@ -245,7 +253,7 @@ module ActionController
     #     oddity: "Heavy stone crab"
     #   })
     #   params.to_h
-    #   # => ActionController::UnfilteredParameters: unable to convert unfiltered parameters to hash
+    #   # => ActionController::UnfilteredParameters: unable to convert unpermitted parameters to hash
     #
     #   safe_params = params.permit(:name)
     #   safe_params.to_h # => {"name"=>"Senjougahara Hitagi"}
@@ -265,7 +273,7 @@ module ActionController
     #     oddity: "Heavy stone crab"
     #   })
     #   params.to_hash
-    #   # => ActionController::UnfilteredParameters: unable to convert unfiltered parameters to hash
+    #   # => ActionController::UnfilteredParameters: unable to convert unpermitted parameters to hash
     #
     #   safe_params = params.permit(:name)
     #   safe_params.to_hash # => {"name"=>"Senjougahara Hitagi"}
@@ -281,6 +289,10 @@ module ActionController
     #     nationality: "Danish"
     #   })
     #   params.to_query
+    #   # => ActionController::UnfilteredParameters: unable to convert unpermitted parameters to hash
+    #
+    #   safe_params = params.permit(:name, :nationality)
+    #   safe_params.to_query
     #   # => "name=David&nationality=Danish"
     #
     # An optional namespace can be passed to enclose key names:
@@ -289,7 +301,8 @@ module ActionController
     #     name: "David",
     #     nationality: "Danish"
     #   })
-    #   params.to_query("user")
+    #   safe_params = params.permit(:name, :nationality)
+    #   safe_params.to_query("user")
     #   # => "user%5Bname%5D=David&user%5Bnationality%5D=Danish"
     #
     # The string pairs "key=value" that conform the query string
diff --git a/actionpack/lib/action_controller/railtie.rb b/actionpack/lib/action_controller/railtie.rb
index fadfc8de60..31db7518f1 100644
--- a/actionpack/lib/action_controller/railtie.rb
+++ b/actionpack/lib/action_controller/railtie.rb
@@ -2,7 +2,7 @@ require "rails"
 require "action_controller"
 require "action_dispatch/railtie"
 require "abstract_controller/railties/routes_helpers"
-require "action_controller/railties/helpers"
+require_relative "railties/helpers"
 require "action_view/railtie"
 
 module ActionController
@@ -22,13 +22,15 @@ module ActionController
     initializer "action_controller.parameters_config" do |app|
       options = app.config.action_controller
 
-      ActionController::Parameters.permit_all_parameters = options.delete(:permit_all_parameters) { false }
-      if app.config.action_controller[:always_permitted_parameters]
-        ActionController::Parameters.always_permitted_parameters =
-          app.config.action_controller.delete(:always_permitted_parameters)
-      end
-      ActionController::Parameters.action_on_unpermitted_parameters = options.delete(:action_on_unpermitted_parameters) do
-        (Rails.env.test? || Rails.env.development?) ? :log : false
+      ActiveSupport.on_load(:action_controller) do
+        ActionController::Parameters.permit_all_parameters = options.delete(:permit_all_parameters) { false }
+        if app.config.action_controller[:always_permitted_parameters]
+          ActionController::Parameters.always_permitted_parameters =
+            app.config.action_controller.delete(:always_permitted_parameters)
+        end
+        ActionController::Parameters.action_on_unpermitted_parameters = options.delete(:action_on_unpermitted_parameters) do
+          (Rails.env.test? || Rails.env.development?) ? :log : false
+        end
       end
     end
 
diff --git a/actionpack/lib/action_controller/test_case.rb b/actionpack/lib/action_controller/test_case.rb
index bc42d50205..9d8240e46d 100644
--- a/actionpack/lib/action_controller/test_case.rb
+++ b/actionpack/lib/action_controller/test_case.rb
@@ -4,7 +4,7 @@ require "active_support/core_ext/object/to_query"
 require "active_support/core_ext/module/anonymous"
 require "active_support/core_ext/hash/keys"
 require "active_support/testing/constant_lookup"
-require "action_controller/template_assertions"
+require_relative "template_assertions"
 require "rails-dom-testing"
 
 module ActionController