From 29333ddb69e69d0fa99a66bf5fab333e8c5611aa Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rafael=20Mendon=C3=A7a=20Fran=C3=A7a?=
 <rafaelmfranca@gmail.com>
Date: Tue, 11 Apr 2017 22:21:14 -0400
Subject: Implement ActionController::Parameters#to_query and #to_param

Previously it was raising an error because it may be unsafe to use those
methods in a unpermitted parameter. Now we delegate to to_h that already
raise an error when the Parameters instance is not permitted.

This also fix a bug when using `#to_query` in a hash that contains a
`ActionController::Parameters` instance and was returning the name of the
class in the string.
---
 .../action_controller/metal/strong_parameters.rb   | 30 ++++++++++++++++++++--
 1 file changed, 28 insertions(+), 2 deletions(-)

(limited to 'actionpack/lib/action_controller/metal/strong_parameters.rb')

diff --git a/actionpack/lib/action_controller/metal/strong_parameters.rb b/actionpack/lib/action_controller/metal/strong_parameters.rb
index 62c654da03..ac8e7eec84 100644
--- a/actionpack/lib/action_controller/metal/strong_parameters.rb
+++ b/actionpack/lib/action_controller/metal/strong_parameters.rb
@@ -275,6 +275,34 @@ module ActionController
       to_h.to_hash
     end
 
+    # Returns a string representation of the receiver suitable for use as a URL
+    # query string:
+    #
+    #   params = ActionController::Parameters.new({
+    #     name: 'David',
+    #     nationality: 'Danish'
+    #   })
+    #   params.to_query
+    #   # => "name=David&nationality=Danish"
+    #
+    # An optional namespace can be passed to enclose key names:
+    #
+    #   params = ActionController::Parameters.new({
+    #     name: 'David',
+    #     nationality: 'Danish'
+    #   })
+    #   params.to_query('user')
+    #   # => "user%5Bname%5D=David&user%5Bnationality%5D=Danish"
+    #
+    # The string pairs "key=value" that conform the query string
+    # are sorted lexicographically in ascending order.
+    #
+    # This method is also aliased as +to_param+.
+    def to_query(*args)
+      to_h.to_query(*args)
+    end
+    alias_method :to_param, :to_query
+
     # Returns an unsafe, unfiltered
     # <tt>ActiveSupport::HashWithIndifferentAccess</tt> representation of this
     # parameter.
@@ -744,8 +772,6 @@ module ActionController
       end
     end
 
-    undef_method :to_param
-
     # Returns duplicate of object including all parameters.
     def deep_dup
       self.class.new(@parameters.deep_dup).tap do |duplicate|
-- 
cgit v1.2.3