1 files changed, 66 insertions, 62 deletions
diff --git a/actionpack/lib/action_dispatch/http/filter_parameters.rb b/actionpack/lib/action_dispatch/http/filter_parameters.rb
index 0f4afb01d9..1958e1668d 100644
--- a/actionpack/lib/action_dispatch/http/filter_parameters.rb
+++ b/actionpack/lib/action_dispatch/http/filter_parameters.rb
@@ -1,69 +1,30 @@
+require 'active_support/core_ext/object/blank'
 require 'active_support/core_ext/hash/keys'
 
 module ActionDispatch
   module Http
+    # Allows you to specify sensitive parameters which will be replaced from
+    # the request log by looking in all subhashes of the param hash for keys
+    # to filter. If a block is given, each key and value of the parameter
+    # hash and all subhashes is passed to it, the value or key can be replaced
+    # using String#replace or similar method.
+    #
+    # Examples:
+    #
+    #   env["action_dispatch.parameter_filter"] = [:password]
+    #   => replaces the value to all keys matching /password/i with "[FILTERED]"
+    #
+    #   env["action_dispatch.parameter_filter"] = [:foo, "bar"]
+    #   => replaces the value to all keys matching /foo|bar/i with "[FILTERED]"
+    #
+    #   env["action_dispatch.parameter_filter"] = lambda do |k,v|
+    #     v.reverse! if k =~ /secret/i
+    #   end
+    #   => reverses the value to all keys matching /secret/i
+    #
     module FilterParameters
       extend ActiveSupport::Concern
 
-      INTERNAL_PARAMS = %w(controller action format _method only_path)
-
-      module ClassMethods
-        # Specify sensitive parameters which will be replaced from the request log.
-        # Filters parameters that have any of the arguments as a substring.
-        # Looks in all subhashes of the param hash for keys to filter.
-        # If a block is given, each key and value of the parameter hash and all
-        # subhashes is passed to it, the value or key
-        # can be replaced using String#replace or similar method.
-        #
-        # Examples:
-        #
-        #   ActionDispatch::Request.filter_parameters :password
-        #   => replaces the value to all keys matching /password/i with "[FILTERED]"
-        #
-        #   ActionDispatch::Request.filter_parameters :foo, "bar"
-        #   => replaces the value to all keys matching /foo|bar/i with "[FILTERED]"
-        #
-        #   ActionDispatch::Request.filter_parameters do |k,v|
-        #     v.reverse! if k =~ /secret/i
-        #   end
-        #   => reverses the value to all keys matching /secret/i
-        #
-        #   ActionDispatch::Request.filter_parameters(:foo, "bar") do |k,v|
-        #     v.reverse! if k =~ /secret/i
-        #   end
-        #   => reverses the value to all keys matching /secret/i, and
-        #      replaces the value to all keys matching /foo|bar/i with "[FILTERED]"
-        def filter_parameters(*filter_words, &block)
-          raise "You must filter at least one word" if filter_words.empty?
-
-          parameter_filter = Regexp.new(filter_words.join('|'), true)
-
-          define_method(:process_parameter_filter) do |original_params|
-            filtered_params = {}
-
-            original_params.each do |key, value|
-              if key =~ parameter_filter
-                value = '[FILTERED]'
-              elsif value.is_a?(Hash)
-                value = process_parameter_filter(value)
-              elsif value.is_a?(Array)
-                value = value.map { |i| process_parameter_filter(i) }
-              elsif block_given?
-                key = key.dup
-                value = value.dup if value.duplicable?
-                yield key, value
-              end
-
-              filtered_params[key] = value
-            end
-
-            filtered_params.except!(*INTERNAL_PARAMS)
-          end
-
-          protected :process_parameter_filter
-        end
-      end
-
       # Return a hash of parameters with all sensitive data replaced.
       def filtered_parameters
         @filtered_parameters ||= process_parameter_filter(parameters)
@@ -71,7 +32,6 @@ module ActionDispatch
       alias :fitered_params :filtered_parameters
 
       # Return a hash of request.env with all sensitive data replaced.
-      # TODO Josh should white list env to remove stuff like rack.input and rack.errors
       def filtered_env
         filtered_env = @env.dup
         filtered_env.each do |key, value|
@@ -86,8 +46,52 @@ module ActionDispatch
 
     protected
 
-      def process_parameter_filter(original_parameters)
-        original_parameters.except(*INTERNAL_PARAMS)
+      def compile_parameter_filter #:nodoc:
+        strings, regexps, blocks = [], [], []
+
+        Array(@env["action_dispatch.parameter_filter"]).each do |item|
+          case item
+          when NilClass
+          when Proc
+            blocks << item
+          when Regexp
+            regexps << item
+          else
+            strings << item.to_s
+          end
+        end
+
+        regexps << Regexp.new(strings.join('|'), true) unless strings.empty?
+        [regexps, blocks]
+      end
+
+      def filtering_parameters? #:nodoc:
+        @env["action_dispatch.parameter_filter"].present?
+      end
+
+      def process_parameter_filter(original_params) #:nodoc:
+        return original_params.dup unless filtering_parameters?
+
+        filtered_params = {}
+        regexps, blocks = compile_parameter_filter
+
+        original_params.each do |key, value|
+          if regexps.find { |r| key =~ r }
+            value = '[FILTERED]'
+          elsif value.is_a?(Hash)
+            value = process_parameter_filter(value)
+          elsif value.is_a?(Array)
+            value = value.map { |i| process_parameter_filter(i) }
+          elsif blocks.present?
+            key = key.dup
+            value = value.dup if value.duplicable?
+            blocks.each { |b| b.call(key, value) }
+          end
+
+          filtered_params[key] = value
+        end
+
+        filtered_params
       end
     end
   end