From 9b51ee9f925e9c1f64d0bae2039ff70cea0d0959 Mon Sep 17 00:00:00 2001
From: Alireza Bashiri <azbshiri@gmail.com>
Date: Fri, 20 Jul 2018 15:18:49 +0430
Subject: Prevent `RequestEncoder#encode_params` to parse falsey params

When a `get` method called with `as: :json` and `params: nil` or
`params: false` (explicitly or implicitly)
`RequestEncoder#encode_params` converts it into a `null` or `false`
value which includes a unexpected `null=` or `false` query string into
request URL. From now on `RequestEncoder#encode_params` checks whether
`params` is nil or not otherwise returns.

Move down `nil` conversion guard


Update CHANGELOG.md
---
 actionpack/CHANGELOG.md                                   |  7 +++++++
 actionpack/lib/action_dispatch/testing/request_encoder.rb |  2 +-
 actionpack/test/controller/integration_test.rb            | 14 ++++++++++++++
 3 files changed, 22 insertions(+), 1 deletion(-)

(limited to 'actionpack')

diff --git a/actionpack/CHANGELOG.md b/actionpack/CHANGELOG.md
index 7645b2b0e7..af8ecb7e2a 100644
--- a/actionpack/CHANGELOG.md
+++ b/actionpack/CHANGELOG.md
@@ -50,5 +50,12 @@
 
     *Jeremy Daer*
 
+*   Prevent `RequestEncoder#encode_params` to parse falsey params
+    
+    Now `RequestEncoder#encode_params` doesn't convert
+    falsey params into query string.
+
+    *Alireza Bashiri*
+
 
 Please check [5-2-stable](https://github.com/rails/rails/blob/5-2-stable/actionpack/CHANGELOG.md) for previous changes.
diff --git a/actionpack/lib/action_dispatch/testing/request_encoder.rb b/actionpack/lib/action_dispatch/testing/request_encoder.rb
index 01246b7a2e..9889f61951 100644
--- a/actionpack/lib/action_dispatch/testing/request_encoder.rb
+++ b/actionpack/lib/action_dispatch/testing/request_encoder.rb
@@ -34,7 +34,7 @@ module ActionDispatch
     end
 
     def encode_params(params)
-      @param_encoder.call(params)
+      @param_encoder.call(params) if params
     end
 
     def self.parser(content_type)
diff --git a/actionpack/test/controller/integration_test.rb b/actionpack/test/controller/integration_test.rb
index 41812a82e1..39ede1442a 100644
--- a/actionpack/test/controller/integration_test.rb
+++ b/actionpack/test/controller/integration_test.rb
@@ -1079,6 +1079,20 @@ class IntegrationRequestEncodersTest < ActionDispatch::IntegrationTest
     end
   end
 
+  def test_get_request_with_json_excludes_null_query_string
+    with_routing do |routes|
+      routes.draw do
+        ActiveSupport::Deprecation.silence do
+          get ":action" => FooController
+        end
+      end
+
+      get "/foos_json", as: :json
+
+      assert_equal "http://www.example.com/foos_json", request.url
+    end
+  end
+
   private
     def post_to_foos(as:)
       with_routing do |routes|
-- 
cgit v1.2.3