Merge pull request #40053 from composerinteralia/safe-yaml-config-for

Use deep_symbolize_keys instead of symbolize_names
rails · Nov 17, 2020 · 000e285 · 000e285
2 parents 1aa14a6 + be2fd61
commit 000e285
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 1 deletion.
diff --git a/railties/lib/rails/application.rb b/railties/lib/rails/application.rb
@@ -243,7 +243,7 @@ def config_for(name, env: Rails.env)
 
       if yaml.exist?
         require "erb"
-        all_configs    = ActiveSupport::ConfigurationFile.parse(yaml, symbolize_names: true)
+        all_configs    = ActiveSupport::ConfigurationFile.parse(yaml).deep_symbolize_keys
         config, shared = all_configs[env.to_sym], all_configs[:shared]
 
         if config.is_a?(Hash)

diff --git a/railties/test/application/configuration_test.rb b/railties/test/application/configuration_test.rb
@@ -2129,6 +2129,19 @@ class D < C
       assert_equal "unicorn", Rails.application.config.my_custom_config[:key]
     end
 
+    test "config_for handles YAML patches (like safe_yaml) that disable the symbolize_names option" do
+      app_file "config/custom.yml", <<~RUBY
+        development:
+          key: value
+      RUBY
+
+      app "development"
+
+      YAML.stub :load, { "development" => { "key" => "value" } } do
+        assert_equal({ key: "value" }, Rails.application.config_for(:custom))
+      end
+    end
+
     test "api_only is false by default" do
       app "development"
       assert_not Rails.application.config.api_only