From 1d375e59f1deeeb13df68baecaf8a0e8602dd933 Mon Sep 17 00:00:00 2001 From: Vasiliy Ermolovich Date: Sat, 7 Sep 2013 15:16:45 +0300 Subject: do not break params filtering on nil values closes #12149 --- actionpack/test/controller/parameters/parameters_permit_test.rb | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'actionpack/test/controller/parameters/parameters_permit_test.rb') diff --git a/actionpack/test/controller/parameters/parameters_permit_test.rb b/actionpack/test/controller/parameters/parameters_permit_test.rb index 437da43d9b..84e007b5d0 100644 --- a/actionpack/test/controller/parameters/parameters_permit_test.rb +++ b/actionpack/test/controller/parameters/parameters_permit_test.rb @@ -107,6 +107,15 @@ class ParametersPermitTest < ActiveSupport::TestCase assert_equal [], permitted[:id] end + test 'do not break params filtering on nil values' do + params = ActionController::Parameters.new(a: 1, b: [1, 2, 3], c: nil) + + permitted = params.permit(:a, c: [], b: []) + assert_equal 1, permitted[:a] + assert_equal [1, 2, 3], permitted[:b] + assert_equal nil, permitted[:c] + end + test 'key to empty array: arrays of permitted scalars pass' do [['foo'], [1], ['foo', 'bar'], [1, 2, 3]].each do |array| params = ActionController::Parameters.new(id: array) -- cgit v1.2.3 From 7171111d3af10c80e3b38658d4fa0aa36858677f Mon Sep 17 00:00:00 2001 From: Doug Cole Date: Sat, 26 Oct 2013 19:22:31 -0700 Subject: don't mutate hash with fetch --- actionpack/test/controller/parameters/parameters_permit_test.rb | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'actionpack/test/controller/parameters/parameters_permit_test.rb') diff --git a/actionpack/test/controller/parameters/parameters_permit_test.rb b/actionpack/test/controller/parameters/parameters_permit_test.rb index 84e007b5d0..b60c5f058d 100644 --- a/actionpack/test/controller/parameters/parameters_permit_test.rb +++ b/actionpack/test/controller/parameters/parameters_permit_test.rb @@ -147,6 +147,12 @@ class ParametersPermitTest < ActiveSupport::TestCase assert_equal :foo, e.param end + test "fetch with a default value of a hash does not mutate the object" do + params = ActionController::Parameters.new({}) + params.fetch :foo, {} + assert_equal nil, params[:foo] + end + test "fetch doesnt raise ParameterMissing exception if there is a default" do assert_equal "monkey", @params.fetch(:foo, "monkey") assert_equal "monkey", @params.fetch(:foo) { "monkey" } -- cgit v1.2.3 From 92f9ff8cc325d72d74cbf839ac9ac0acd474a768 Mon Sep 17 00:00:00 2001 From: Xavier Noria Date: Sat, 21 Dec 2013 01:11:47 +0100 Subject: converts hashes in arrays of unfiltered params to unpermitted params [fixes #13382] --- actionpack/test/controller/parameters/parameters_permit_test.rb | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'actionpack/test/controller/parameters/parameters_permit_test.rb') diff --git a/actionpack/test/controller/parameters/parameters_permit_test.rb b/actionpack/test/controller/parameters/parameters_permit_test.rb index b60c5f058d..ba191a7227 100644 --- a/actionpack/test/controller/parameters/parameters_permit_test.rb +++ b/actionpack/test/controller/parameters/parameters_permit_test.rb @@ -153,6 +153,13 @@ class ParametersPermitTest < ActiveSupport::TestCase assert_equal nil, params[:foo] end + test 'hashes in array values get wrapped' do + params = ActionController::Parameters.new(foo: [{}, {}]) + params[:foo].each do |hash| + assert !hash.permitted? + end + end + test "fetch doesnt raise ParameterMissing exception if there is a default" do assert_equal "monkey", @params.fetch(:foo, "monkey") assert_equal "monkey", @params.fetch(:foo) { "monkey" } -- cgit v1.2.3 From 273045d6d5c5f68e38f917e8ab4b1ad533d23aac Mon Sep 17 00:00:00 2001 From: Xavier Noria Date: Sat, 21 Dec 2013 14:22:08 +0100 Subject: optimizes array conversion in AC::Parameters --- actionpack/test/controller/parameters/parameters_permit_test.rb | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'actionpack/test/controller/parameters/parameters_permit_test.rb') diff --git a/actionpack/test/controller/parameters/parameters_permit_test.rb b/actionpack/test/controller/parameters/parameters_permit_test.rb index ba191a7227..9c1828e9aa 100644 --- a/actionpack/test/controller/parameters/parameters_permit_test.rb +++ b/actionpack/test/controller/parameters/parameters_permit_test.rb @@ -160,6 +160,11 @@ class ParametersPermitTest < ActiveSupport::TestCase end end + test 'arrays are converted at most once' do + params = ActionController::Parameters.new(foo: [{}]) + assert params[:foo].equal?(params[:foo]) + end + test "fetch doesnt raise ParameterMissing exception if there is a default" do assert_equal "monkey", @params.fetch(:foo, "monkey") assert_equal "monkey", @params.fetch(:foo) { "monkey" } -- cgit v1.2.3 From fa0380cb4a7f08909e961a8e355c70ba3a676253 Mon Sep 17 00:00:00 2001 From: Xavier Noria Date: Mon, 23 Dec 2013 22:55:03 +0100 Subject: AC::Parameters#permit! permits hashes in array values --- .../test/controller/parameters/parameters_permit_test.rb | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) (limited to 'actionpack/test/controller/parameters/parameters_permit_test.rb') diff --git a/actionpack/test/controller/parameters/parameters_permit_test.rb b/actionpack/test/controller/parameters/parameters_permit_test.rb index 9c1828e9aa..33a91d72d9 100644 --- a/actionpack/test/controller/parameters/parameters_permit_test.rb +++ b/actionpack/test/controller/parameters/parameters_permit_test.rb @@ -8,9 +8,16 @@ class ParametersPermitTest < ActiveSupport::TestCase end setup do - @params = ActionController::Parameters.new({ person: { - age: "32", name: { first: "David", last: "Heinemeier Hansson" } - }}) + @params = ActionController::Parameters.new( + person: { + age: '32', + name: { + first: 'David', + last: 'Heinemeier Hansson' + }, + addresses: [{city: 'Chicago', state: 'Illinois'}] + } + ) @struct_fields = [] %w(0 1 12).each do |number| @@ -233,6 +240,7 @@ class ParametersPermitTest < ActiveSupport::TestCase assert @params.permitted? assert @params[:person].permitted? assert @params[:person][:name].permitted? + assert @params[:person][:addresses][0].permitted? end test "permitted takes a default value when Parameters.permit_all_parameters is set" do -- cgit v1.2.3