From 87b6e6aa4328f16edd68978079f473169cceecbd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ana=20Mar=C3=ADa=20Mart=C3=ADnez=20G=C3=B3mez?=
 <anamma06@gmail.com>
Date: Tue, 7 Aug 2018 17:23:57 +0200
Subject: Use public_send in value_for_collection

Avoid exposing private methods in view's helpers.

Fixes https://github.com/rails/rails/issues/33546
---
 actionview/CHANGELOG.md | 10 ++++++++++
 1 file changed, 10 insertions(+)

(limited to 'actionview/CHANGELOG.md')

diff --git a/actionview/CHANGELOG.md b/actionview/CHANGELOG.md
index 6d45cc1d8a..8597fea48d 100644
--- a/actionview/CHANGELOG.md
+++ b/actionview/CHANGELOG.md
@@ -1,3 +1,13 @@
+*  Stop exposing public methods in view's helpers.
+
+   For example, in methods like `options_from_collection_for_select`,
+   it was possible to call private methods from the objects used.
+
+   See [#33546](https://github.com/rails/rails/issues/33546) for details.
+
+   *[Ana María Martínez Gómez](https://github.com/Ana06)*  
+
+
 *   Fix issue with `button_to`'s `to_form_params`
 
     `button_to` was throwing exception when invoked with `params` hash that
-- 
cgit v1.2.3