Permalink
Browse files

`params.permitted?` is false by default

In the docs: "+permit_all_parameters+ - If it's +true+, all the parameters will
be permitted by default. The default is +false+."
  • Loading branch information...
maclover7 committed Jun 22, 2016
1 parent abec128 commit 19eec522978348bcae8f733ee3dcdcffd5d4a2be
@@ -106,6 +106,8 @@ def initialize(params) # :nodoc:
# params["key"] # => "value"
class Parameters
cattr_accessor :permit_all_parameters, instance_accessor: false
self.permit_all_parameters = false
cattr_accessor :action_on_unpermitted_parameters, instance_accessor: false
delegate :keys, :key?, :has_key?, :values, :has_value?, :value?, :empty?, :include?,
@@ -369,4 +369,10 @@ def dup; @dupped = true; end
refute params.permit(foo: [:bar]).has_key?(:foo)
refute params.permit(foo: :bar).has_key?(:foo)
end
test '#permitted? is false by default' do
params = ActionController::Parameters.new
assert_equal false, params.permitted?
end
end

0 comments on commit 19eec52

Please sign in to comment.