From 277918e61afaec64c1378194ea272f938beaa8ad Mon Sep 17 00:00:00 2001
From: kennyj <kennyj@gmail.com>
Date: Sun, 22 Sep 2013 23:57:21 +0900
Subject: Strong parameters should permit nested number as key. Closes #12293

---
 actionpack/CHANGELOG.md                                   |  6 ++++++
 .../lib/action_controller/metal/strong_parameters.rb      |  6 +++++-
 .../test/controller/parameters/nested_parameters_test.rb  | 15 +++++++++++++++
 3 files changed, 26 insertions(+), 1 deletion(-)

(limited to 'actionpack')

diff --git a/actionpack/CHANGELOG.md b/actionpack/CHANGELOG.md
index b0b75f6909..a11cd0b553 100644
--- a/actionpack/CHANGELOG.md
+++ b/actionpack/CHANGELOG.md
@@ -1,3 +1,9 @@
+*   Strong parameters should permit nested number as key.
+
+    Fixes #12293
+
+    *kennyj*
+
 *   Fix regex used to detect URI schemes in `redirect_to` to be consistent with
     RFC 3986.
 
diff --git a/actionpack/lib/action_controller/metal/strong_parameters.rb b/actionpack/lib/action_controller/metal/strong_parameters.rb
index b495ab3f0f..66403d533c 100644
--- a/actionpack/lib/action_controller/metal/strong_parameters.rb
+++ b/actionpack/lib/action_controller/metal/strong_parameters.rb
@@ -334,7 +334,7 @@ module ActionController
       def each_element(object)
         if object.is_a?(Array)
           object.map { |el| yield el }.compact
-        elsif object.is_a?(Hash) && object.keys.all? { |k| k =~ /\A-?\d+\z/ }
+        elsif fields_for_style?(object)
           hash = object.class.new
           object.each { |k,v| hash[k] = yield v }
           hash
@@ -343,6 +343,10 @@ module ActionController
         end
       end
 
+      def fields_for_style?(object)
+        object.is_a?(Hash) && object.all? { |k, v| k =~ /\A-?\d+\z/ && v.is_a?(Hash) }
+      end
+
       def unpermitted_parameters!(params)
         unpermitted_keys = unpermitted_keys(params)
         if unpermitted_keys.any?
diff --git a/actionpack/test/controller/parameters/nested_parameters_test.rb b/actionpack/test/controller/parameters/nested_parameters_test.rb
index 91df527dec..3b1257e8d5 100644
--- a/actionpack/test/controller/parameters/nested_parameters_test.rb
+++ b/actionpack/test/controller/parameters/nested_parameters_test.rb
@@ -169,4 +169,19 @@ class NestedParametersTest < ActiveSupport::TestCase
 
     assert_filtered_out permitted[:book][:authors_attributes]['-1'], :age_of_death
   end
+
+  test "nested number as key" do
+    params = ActionController::Parameters.new({
+      product: {
+        properties: {
+          '0' => "prop0",
+          '1' => "prop1"
+        }
+      }
+    })
+    params = params.require(:product).permit(:properties => ["0"])
+    assert_not_nil        params[:properties]["0"]
+    assert_nil            params[:properties]["1"]
+    assert_equal "prop0", params[:properties]["0"]
+  end
 end
-- 
cgit v1.2.3