From 1e923b498492424ae627d7a2c61339148f887503 Mon Sep 17 00:00:00 2001
From: Gannon McGibbon <gannon.mcgibbon@gmail.com>
Date: Mon, 7 Jan 2019 14:05:50 -0500
Subject: Allow strong params in ActiveRecord::Base#exists?

Allow `ActionController::Params` as argument of
`ActiveRecord::Base#exists?`
---
 activerecord/lib/active_record/relation/finder_methods.rb | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'activerecord/lib/active_record')

diff --git a/activerecord/lib/active_record/relation/finder_methods.rb b/activerecord/lib/active_record/relation/finder_methods.rb
index dc03b196f4..fd84f9c46b 100644
--- a/activerecord/lib/active_record/relation/finder_methods.rb
+++ b/activerecord/lib/active_record/relation/finder_methods.rb
@@ -312,6 +312,8 @@ module ActiveRecord
 
       return false if !conditions || limit_value == 0
 
+      conditions = sanitize_forbidden_attributes(conditions)
+
       if eager_loading?
         relation = apply_join_dependency(eager_loading: false)
         return relation.exists?(conditions)
-- 
cgit v1.2.3