From 1d375e59f1deeeb13df68baecaf8a0e8602dd933 Mon Sep 17 00:00:00 2001
From: Vasiliy Ermolovich <younash@gmail.com>
Date: Sat, 7 Sep 2013 15:16:45 +0300
Subject: do not break params filtering on nil values

closes #12149
---
 actionpack/lib/action_controller/metal/strong_parameters.rb     | 2 +-
 actionpack/test/controller/parameters/parameters_permit_test.rb | 9 +++++++++
 2 files changed, 10 insertions(+), 1 deletion(-)

(limited to 'actionpack')

diff --git a/actionpack/lib/action_controller/metal/strong_parameters.rb b/actionpack/lib/action_controller/metal/strong_parameters.rb
index ae600b1ebe..b495ab3f0f 100644
--- a/actionpack/lib/action_controller/metal/strong_parameters.rb
+++ b/actionpack/lib/action_controller/metal/strong_parameters.rb
@@ -421,7 +421,7 @@ module ActionController
 
         # Slicing filters out non-declared keys.
         slice(*filter.keys).each do |key, value|
-          return unless value
+          next unless value
 
           if filter[key] == EMPTY_ARRAY
             # Declaration { comment_ids: [] }.
diff --git a/actionpack/test/controller/parameters/parameters_permit_test.rb b/actionpack/test/controller/parameters/parameters_permit_test.rb
index 437da43d9b..84e007b5d0 100644
--- a/actionpack/test/controller/parameters/parameters_permit_test.rb
+++ b/actionpack/test/controller/parameters/parameters_permit_test.rb
@@ -107,6 +107,15 @@ class ParametersPermitTest < ActiveSupport::TestCase
     assert_equal [], permitted[:id]
   end
 
+  test 'do not break params filtering on nil values' do
+    params = ActionController::Parameters.new(a: 1, b: [1, 2, 3], c: nil)
+
+    permitted = params.permit(:a, c: [], b: [])
+    assert_equal 1, permitted[:a]
+    assert_equal [1, 2, 3], permitted[:b]
+    assert_equal nil, permitted[:c]
+  end
+
   test 'key to empty array: arrays of permitted scalars pass' do
     [['foo'], [1], ['foo', 'bar'], [1, 2, 3]].each do |array|
       params = ActionController::Parameters.new(id: array)
-- 
cgit v1.2.3