3 files changed, 25 insertions, 27 deletions
diff --git a/actionpack/lib/action_controller/metal.rb b/actionpack/lib/action_controller/metal.rb
index 1641d01c30..f6e67b02d7 100644
--- a/actionpack/lib/action_controller/metal.rb
+++ b/actionpack/lib/action_controller/metal.rb
@@ -175,10 +175,7 @@ module ActionController
       body = [body] unless body.nil? || body.respond_to?(:each)
       response.reset_body!
       return unless body
-      body.each { |part|
-        next if part.empty?
-        response.write part
-      }
+      response.body = body
       super
     end
 
diff --git a/actionpack/lib/action_controller/metal/request_forgery_protection.rb b/actionpack/lib/action_controller/metal/request_forgery_protection.rb
index 6586985ff5..b2f0b382b9 100644
--- a/actionpack/lib/action_controller/metal/request_forgery_protection.rb
+++ b/actionpack/lib/action_controller/metal/request_forgery_protection.rb
@@ -379,7 +379,8 @@ module ActionController #:nodoc:
 
       def xor_byte_strings(s1, s2)
         s2_bytes = s2.bytes
-        s1.bytes.map.with_index { |c1, i| c1 ^ s2_bytes[i] }.pack('c*')
+        s1.each_byte.with_index { |c1, i| s2_bytes[i] ^= c1 }
+        s2_bytes.pack('C*')
       end
 
       # The form's authenticity parameter. Override to provide your own.
diff --git a/actionpack/lib/action_controller/metal/strong_parameters.rb b/actionpack/lib/action_controller/metal/strong_parameters.rb
index d3382ef296..25ec3cf5b6 100644
--- a/actionpack/lib/action_controller/metal/strong_parameters.rb
+++ b/actionpack/lib/action_controller/metal/strong_parameters.rb
@@ -109,7 +109,7 @@ module ActionController
     cattr_accessor :permit_all_parameters, instance_accessor: false
     cattr_accessor :action_on_unpermitted_parameters, instance_accessor: false
 
-    delegate :keys, :key?, :has_key?, :values, :has_value?, :value?, :empty?, :include?, :inspect,
+    delegate :keys, :key?, :has_key?, :values, :has_value?, :value?, :empty?, :include?,
       :as_json, to: :@parameters
 
     # By default, never raise an UnpermittedParameters exception if these
@@ -122,16 +122,6 @@ module ActionController
     cattr_accessor :always_permitted_parameters
     self.always_permitted_parameters = %w( controller action )
 
-    def self.const_missing(const_name)
-      return super unless const_name == :NEVER_UNPERMITTED_PARAMS
-      ActiveSupport::Deprecation.warn(<<-MSG.squish)
-        `ActionController::Parameters::NEVER_UNPERMITTED_PARAMS` has been deprecated.
-        Use `ActionController::Parameters.always_permitted_parameters` instead.
-      MSG
-
-      always_permitted_parameters
-    end
-
     # Returns a new instance of <tt>ActionController::Parameters</tt>.
     # Also, sets the +permitted+ attribute to the default value of
     # <tt>ActionController::Parameters.permit_all_parameters</tt>.
@@ -154,17 +144,21 @@ module ActionController
     end
 
     # Returns true if another +Parameters+ object contains the same content and
-    # permitted flag, or other Hash-like object contains the same content. This
-    # override is in place so you can perform a comparison with `Hash`.
-    def ==(other_hash)
-      if other_hash.respond_to?(:permitted?)
-        super
+    # permitted flag.
+    def ==(other)
+      if other.respond_to?(:permitted?)
+        self.permitted? == other.permitted? && self.parameters == other.parameters
+      elsif other.is_a?(Hash)
+        ActiveSupport::Deprecation.warn <<-WARNING.squish
+          Comparing equality between `ActionController::Parameters` and a
+          `Hash` is deprecated and will be removed in Rails 5.1. Please only do
+          comparisons between instances of `ActionController::Parameters`. If
+          you need to compare to a hash, first convert it using
+          `ActionController::Parameters#new`.
+        WARNING
+        @parameters == other.with_indifferent_access
       else
-        if other_hash.is_a?(Hash)
-          @parameters == other_hash.with_indifferent_access
-        else
-          @parameters == other_hash
-        end
+        @parameters == other
       end
     end
 
@@ -584,6 +578,10 @@ module ActionController
       dup
     end
 
+    def inspect
+      "<#{self.class} #{@parameters}>"
+    end
+
     def method_missing(method_sym, *args, &block)
       if @parameters.respond_to?(method_sym)
         message = <<-DEPRECATE.squish
@@ -603,12 +601,14 @@ module ActionController
     end
 
     protected
+      attr_reader :parameters
+
       def permitted=(new_permitted)
         @permitted = new_permitted
       end
 
       def fields_for_style?
-        @parameters.all? { |k, v| k =~ /\A-?\d+\z/ && v.is_a?(Hash) }
+        @parameters.all? { |k, v| k =~ /\A-?\d+\z/ && (v.is_a?(Hash) || v.is_a?(Parameters)) }
       end
 
     private