1 files changed, 24 insertions, 5 deletions

diff --git a/actionpack/lib/action_dispatch/http/filter_parameters.rb b/actionpack/lib/action_dispatch/http/filter_parameters.rb
index 47cf41cfa3..4a7df6b657 100644
--- a/actionpack/lib/action_dispatch/http/filter_parameters.rb
+++ b/actionpack/lib/action_dispatch/http/filter_parameters.rb
@@ -1,3 +1,4 @@
+require 'mutex_m'
 require 'active_support/core_ext/hash/keys'
 require 'active_support/core_ext/object/duplicable'
 
@@ -20,9 +21,18 @@ module ActionDispatch
     #   end
     #   => reverses the value to all keys matching /secret/i
     module FilterParameters
-      extend ActiveSupport::Concern
+      @@parameter_filter_for  = {}.extend(Mutex_m)
 
-      @@parameter_filter_for  = {}
+      ENV_MATCH = [/RAW_POST_DATA/, "rack.request.form_vars"] # :nodoc:
+      NULL_PARAM_FILTER = ParameterFilter.new # :nodoc:
+      NULL_ENV_FILTER   = ParameterFilter.new ENV_MATCH # :nodoc:
+
+      def initialize(env)
+        super
+        @filtered_parameters = nil
+        @filtered_env        = nil
+        @filtered_path       = nil
+      end
 
       # Return a hash of parameters with all sensitive data replaced.
       def filtered_parameters
@@ -42,15 +52,24 @@ module ActionDispatch
     protected
 
       def parameter_filter
-        parameter_filter_for(@env["action_dispatch.parameter_filter"])
+        parameter_filter_for @env.fetch("action_dispatch.parameter_filter") {
+          return NULL_PARAM_FILTER
+        }
       end
 
       def env_filter
-        parameter_filter_for(Array(@env["action_dispatch.parameter_filter"]) + [/RAW_POST_DATA/, "rack.request.form_vars"])
+        user_key = @env.fetch("action_dispatch.parameter_filter") {
+          return NULL_ENV_FILTER
+        }
+        parameter_filter_for(Array(user_key) + ENV_MATCH)
       end
 
       def parameter_filter_for(filters)
-        @@parameter_filter_for[filters] ||= ParameterFilter.new(filters)
+        @@parameter_filter_for.synchronize do
+          # Do we *actually* need this cache? Constructing ParameterFilters
+          # doesn't seem too expensive.
+          @@parameter_filter_for[filters] ||= ParameterFilter.new(filters)
+        end
       end
 
       KV_RE   = '[^&;=]+'