From 19eec522978348bcae8f733ee3dcdcffd5d4a2be Mon Sep 17 00:00:00 2001 From: Jon Moss Date: Wed, 22 Jun 2016 14:34:30 -0400 Subject: `params.permitted?` is false by default In the docs: "+permit_all_parameters+ - If it's +true+, all the parameters will be permitted by default. The default is +false+." --- actionpack/lib/action_controller/metal/strong_parameters.rb | 2 ++ actionpack/test/controller/parameters/parameters_permit_test.rb | 6 ++++++ 2 files changed, 8 insertions(+) (limited to 'actionpack') diff --git a/actionpack/lib/action_controller/metal/strong_parameters.rb b/actionpack/lib/action_controller/metal/strong_parameters.rb index 6b53f90c14..b326695ce2 100644 --- a/actionpack/lib/action_controller/metal/strong_parameters.rb +++ b/actionpack/lib/action_controller/metal/strong_parameters.rb @@ -106,6 +106,8 @@ module ActionController # params["key"] # => "value" class Parameters cattr_accessor :permit_all_parameters, instance_accessor: false + self.permit_all_parameters = false + cattr_accessor :action_on_unpermitted_parameters, instance_accessor: false delegate :keys, :key?, :has_key?, :values, :has_value?, :value?, :empty?, :include?, diff --git a/actionpack/test/controller/parameters/parameters_permit_test.rb b/actionpack/test/controller/parameters/parameters_permit_test.rb index b75eb0e3bf..2eed2996f6 100644 --- a/actionpack/test/controller/parameters/parameters_permit_test.rb +++ b/actionpack/test/controller/parameters/parameters_permit_test.rb @@ -369,4 +369,10 @@ class ParametersPermitTest < ActiveSupport::TestCase refute params.permit(foo: [:bar]).has_key?(:foo) refute params.permit(foo: :bar).has_key?(:foo) end + + test '#permitted? is false by default' do + params = ActionController::Parameters.new + + assert_equal false, params.permitted? + end end -- cgit v1.2.3