7 files changed, 54 insertions, 53 deletions

diff --git a/actionpack/lib/action_controller/metal/params_wrapper.rb b/actionpack/lib/action_controller/metal/params_wrapper.rb
index cdfc523bd4..e680432127 100644
--- a/actionpack/lib/action_controller/metal/params_wrapper.rb
+++ b/actionpack/lib/action_controller/metal/params_wrapper.rb
@@ -4,8 +4,8 @@ require 'active_support/core_ext/module/anonymous'
 require 'action_dispatch/http/mime_type'
 
 module ActionController
-  # Wraps the parameters hash into a nested hash. This will allow clients to submit
-  # POST requests without having to specify any root elements.
+  # Wraps the parameters hash into a nested hash. This will allow clients to
+  # submit requests without having to specify any root elements.
   #
   # This functionality is enabled in +config/initializers/wrap_parameters.rb+
   # and can be customized.
@@ -14,7 +14,7 @@ module ActionController
   # a non-empty array:
   #
   #     class UsersController < ApplicationController
-  #       wrap_parameters format: [:json, :xml]
+  #       wrap_parameters format: [:json, :xml, :url_encoded_form, :multipart_form]
   #     end
   #
   # If you enable +ParamsWrapper+ for +:json+ format, instead of having to
diff --git a/actionpack/lib/action_controller/metal/request_forgery_protection.rb b/actionpack/lib/action_controller/metal/request_forgery_protection.rb
index 4cb634477e..9e09242872 100644
--- a/actionpack/lib/action_controller/metal/request_forgery_protection.rb
+++ b/actionpack/lib/action_controller/metal/request_forgery_protection.rb
@@ -20,7 +20,7 @@ module ActionController #:nodoc:
   # Since HTML and JavaScript requests are typically made from the browser, we
   # need to ensure to verify request authenticity for the web browser. We can
   # use session-oriented authentication for these types of requests, by using
-  # the `protect_form_forgery` method in our controllers.
+  # the `protect_from_forgery` method in our controllers.
   #
   # GET requests are not protected since they don't have side effects like writing
   # to the database and don't leak sensitive information. JavaScript requests are
diff --git a/actionpack/lib/action_controller/metal/strong_parameters.rb b/actionpack/lib/action_controller/metal/strong_parameters.rb
index cf6a64009f..e78f1f0d7e 100644
--- a/actionpack/lib/action_controller/metal/strong_parameters.rb
+++ b/actionpack/lib/action_controller/metal/strong_parameters.rb
@@ -378,16 +378,14 @@ module ActionController
     #   params.fetch(:none, 'Francesco')    # => "Francesco"
     #   params.fetch(:none) { 'Francesco' } # => "Francesco"
     def fetch(key, *args, &block)
-      convert_hashes_to_parameters(
-        key,
+      convert_value_to_parameters(
         @parameters.fetch(key) {
           if block_given?
             yield
           else
             args.fetch(0) { raise ActionController::ParameterMissing.new(key) }
           end
-        },
-        false
+        }
       )
     end
 
@@ -475,7 +473,7 @@ module ActionController
     # optional code block is given and the key is not found, pass in the key
     # and return the result of block.
     def delete(key, &block)
-      convert_hashes_to_parameters(key, @parameters.delete(key), false)
+      convert_value_to_parameters(@parameters.delete(key))
     end
 
     # Returns a new instance of <tt>ActionController::Parameters</tt> with only
@@ -555,21 +553,23 @@ module ActionController
         end
       end
 
-      def convert_hashes_to_parameters(key, value, assign_if_converted=true)
+      def convert_hashes_to_parameters(key, value)
         converted = convert_value_to_parameters(value)
-        @parameters[key] = converted if assign_if_converted && !converted.equal?(value)
+        @parameters[key] = converted unless converted.equal?(value)
         converted
       end
 
       def convert_value_to_parameters(value)
-        if value.is_a?(Array) && !converted_arrays.member?(value)
+        case value
+        when Array
+          return value if converted_arrays.member?(value)
           converted = value.map { |_| convert_value_to_parameters(_) }
           converted_arrays << converted
           converted
-        elsif value.is_a?(Parameters) || !value.is_a?(Hash)
-          value
-        else
+        when Hash
           self.class.new(value)
+        else
+          value
         end
       end
 
diff --git a/actionpack/lib/action_dispatch/http/parameters.rb b/actionpack/lib/action_dispatch/http/parameters.rb
index c2f05ecc86..4defb7f858 100644
--- a/actionpack/lib/action_dispatch/http/parameters.rb
+++ b/actionpack/lib/action_dispatch/http/parameters.rb
@@ -37,22 +37,7 @@ module ActionDispatch
       # Convert nested Hash to HashWithIndifferentAccess.
       #
       def normalize_encode_params(params)
-        case params
-        when Hash
-          if params.has_key?(:tempfile)
-            UploadedFile.new(params)
-          else
-            params.each_with_object({}) do |(key, val), new_hash|
-              new_hash[key] = if val.is_a?(Array)
-                val.map! { |el| normalize_encode_params(el) }
-              else
-                normalize_encode_params(val)
-              end
-            end.with_indifferent_access
-          end
-        else
-          params
-        end
+        ActionDispatch::Request::Utils.normalize_encode_params params
       end
     end
   end
diff --git a/actionpack/lib/action_dispatch/http/request.rb b/actionpack/lib/action_dispatch/http/request.rb
index 3c62c055e5..6985cec5f5 100644
--- a/actionpack/lib/action_dispatch/http/request.rb
+++ b/actionpack/lib/action_dispatch/http/request.rb
@@ -290,7 +290,7 @@ module ActionDispatch
 
     # Override Rack's GET method to support indifferent access
     def GET
-      @env["action_dispatch.request.query_parameters"] ||= Utils.deep_munge(normalize_encode_params(super || {}))
+      @env["action_dispatch.request.query_parameters"] ||= normalize_encode_params(super || {})
     rescue Rack::Utils::ParameterTypeError, Rack::Utils::InvalidParameterError => e
       raise ActionController::BadRequest.new(:query, e)
     end
@@ -298,7 +298,7 @@ module ActionDispatch
 
     # Override Rack's POST method to support indifferent access
     def POST
-      @env["action_dispatch.request.request_parameters"] ||= Utils.deep_munge(normalize_encode_params(super || {}))
+      @env["action_dispatch.request.request_parameters"] ||= normalize_encode_params(super || {})
     rescue Rack::Utils::ParameterTypeError, Rack::Utils::InvalidParameterError => e
       raise ActionController::BadRequest.new(:request, e)
     end
@@ -318,11 +318,6 @@ module ActionDispatch
       LOCALHOST =~ remote_addr && LOCALHOST =~ remote_ip
     end
 
-    protected
-      def parse_query(*)
-        Utils.deep_munge(super)
-      end
-
     private
       def check_method(name)
         HTTP_METHOD_LOOKUP[name] || raise(ActionController::UnknownHttpMethod, "#{name}, accepted HTTP methods are #{HTTP_METHODS[0...-1].join(', ')}, and #{HTTP_METHODS[-1]}")
diff --git a/actionpack/lib/action_dispatch/middleware/params_parser.rb b/actionpack/lib/action_dispatch/middleware/params_parser.rb
index e2b3b06fd8..2617956c74 100644
--- a/actionpack/lib/action_dispatch/middleware/params_parser.rb
+++ b/actionpack/lib/action_dispatch/middleware/params_parser.rb
@@ -17,7 +17,7 @@ module ActionDispatch
       Mime::JSON => lambda { |raw_post|
         data = ActiveSupport::JSON.decode(raw_post)
         data = {:_json => data} unless data.is_a?(Hash)
-        Request::Utils.deep_munge(data).with_indifferent_access
+        Request::Utils.normalize_encode_params(data)
       }
     }
 
diff --git a/actionpack/lib/action_dispatch/request/utils.rb b/actionpack/lib/action_dispatch/request/utils.rb
index 1c9371d89c..3973ea6346 100644
--- a/actionpack/lib/action_dispatch/request/utils.rb
+++ b/actionpack/lib/action_dispatch/request/utils.rb
@@ -5,24 +5,45 @@ module ActionDispatch
       mattr_accessor :perform_deep_munge
       self.perform_deep_munge = true
 
-      class << self
-        # Remove nils from the params hash
-        def deep_munge(hash, keys = [])
-          return hash unless perform_deep_munge
+      def self.normalize_encode_params(params)
+        if perform_deep_munge
+          NoNilParamEncoder.normalize_encode_params params
+        else
+          ParamEncoder.normalize_encode_params params
+        end
+      end
 
-          hash.each do |k, v|
-            keys << k
-            case v
-            when Array
-              v.grep(Hash) { |x| deep_munge(x, keys) }
-              v.compact!
-            when Hash
-              deep_munge(v, keys)
+      class ParamEncoder # :nodoc:
+        # Convert nested Hash to HashWithIndifferentAccess.
+        #
+        def self.normalize_encode_params(params)
+          case params
+          when Array
+            handle_array params
+          when Hash
+            if params.has_key?(:tempfile)
+              ActionDispatch::Http::UploadedFile.new(params)
+            else
+              params.each_with_object({}) do |(key, val), new_hash|
+                new_hash[key] = normalize_encode_params(val)
+              end.with_indifferent_access
             end
-            keys.pop
+          else
+            params
           end
+        end
+
+        def self.handle_array(params)
+          params.map! { |el| normalize_encode_params(el) }
+        end
+      end
 
-          hash
+      # Remove nils from the params hash
+      class NoNilParamEncoder < ParamEncoder # :nodoc:
+        def self.handle_array(params)
+          list = super
+          list.compact!
+          list
         end
       end
     end