From c14859513a648270705b61210dc3ab2fe5d04004 Mon Sep 17 00:00:00 2001 From: Kevin Deisz Date: Fri, 24 Aug 2018 16:10:17 -0400 Subject: Convert over the rest of the whitelist references --- actionpack/lib/action_dispatch/http/mime_negotiation.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'actionpack/lib/action_dispatch') diff --git a/actionpack/lib/action_dispatch/http/mime_negotiation.rb b/actionpack/lib/action_dispatch/http/mime_negotiation.rb index d7435fa8df..580f5fe41a 100644 --- a/actionpack/lib/action_dispatch/http/mime_negotiation.rb +++ b/actionpack/lib/action_dispatch/http/mime_negotiation.rb @@ -87,7 +87,7 @@ module ActionDispatch else raise ArgumentError, "request.variant must be set to a Symbol or an Array of Symbols. " \ "For security reasons, never directly set the variant to a user-provided value, " \ - "like params[:variant].to_sym. Check user-provided value against a whitelist first, " \ + "like params[:variant].to_sym. Check user-provided value against a permitted list first, " \ "then set the variant: request.variant = :tablet if params[:variant] == 'tablet'" end end -- cgit v1.2.3 From 0efecd913c07104e8fba82d5044c1ad824af68d5 Mon Sep 17 00:00:00 2001 From: Kevin Deisz Date: Fri, 24 Aug 2018 16:16:41 -0400 Subject: Convert remaining usage of whitelist and blacklist --- actionpack/lib/action_dispatch/routing/mapper.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'actionpack/lib/action_dispatch') diff --git a/actionpack/lib/action_dispatch/routing/mapper.rb b/actionpack/lib/action_dispatch/routing/mapper.rb index ff325afc54..07e3be4db8 100644 --- a/actionpack/lib/action_dispatch/routing/mapper.rb +++ b/actionpack/lib/action_dispatch/routing/mapper.rb @@ -553,10 +553,10 @@ module ActionDispatch # # match 'json_only', constraints: { format: 'json' }, via: :get # - # class Whitelist + # class PermitList # def matches?(request) request.remote_ip == '1.2.3.4' end # end - # match 'path', to: 'c#a', constraints: Whitelist.new, via: :get + # match 'path', to: 'c#a', constraints: PermitList.new, via: :get # # See Scoping#constraints for more examples with its scope # equivalent. -- cgit v1.2.3 From 7c9751d7fe3aec1e67004d1bb5e4a1702fcacafb Mon Sep 17 00:00:00 2001 From: Kevin Deisz Date: Mon, 27 Aug 2018 09:30:05 -0400 Subject: Permit list usage cleanup and clearer documentation --- actionpack/lib/action_dispatch/http/mime_negotiation.rb | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) (limited to 'actionpack/lib/action_dispatch') diff --git a/actionpack/lib/action_dispatch/http/mime_negotiation.rb b/actionpack/lib/action_dispatch/http/mime_negotiation.rb index 580f5fe41a..be129965d1 100644 --- a/actionpack/lib/action_dispatch/http/mime_negotiation.rb +++ b/actionpack/lib/action_dispatch/http/mime_negotiation.rb @@ -85,10 +85,7 @@ module ActionDispatch if variant.all? { |v| v.is_a?(Symbol) } @variant = ActiveSupport::ArrayInquirer.new(variant) else - raise ArgumentError, "request.variant must be set to a Symbol or an Array of Symbols. " \ - "For security reasons, never directly set the variant to a user-provided value, " \ - "like params[:variant].to_sym. Check user-provided value against a permitted list first, " \ - "then set the variant: request.variant = :tablet if params[:variant] == 'tablet'" + raise ArgumentError, "request.variant must be set to a Symbol or an Array of Symbols." end end -- cgit v1.2.3