Browse files

Revert "Convert StrongParameters cache to a hash. This fixes an unbou…


We cannot cache keys because arrays are mutable. We rather want to cache
the arrays. This behaviour is tailor-made for the usage pattern strongs
params is designed for.

In a forthcoming commit I am going to add a test that covers why we need
to cache by value.

Every strong params instance has a live span of a request, the cache goes
away with the object. Since strong params have such a concrete intention,
it would be interesting to see if there are actually any real-world use
cases that are an actual leak, one that practically may matter.

I am not convinced that the theoretical leak has any practical consequences,
but if it can be shown there are, then I believe we should either get rid of
the cache (which is an optimization), or else wipe it in the mutating API.

This reverts commit e63be27.
  • Loading branch information...
1 parent a39c88b commit 1ecada20d163ec1a3b0a3b6b51922da1dd7f089e @fxn fxn committed Jun 7, 2014
12 actionpack/lib/action_controller/metal/strong_parameters.rb
@@ -130,7 +130,7 @@ def initialize(attributes = nil)
# looping in the common use case permit + mass-assignment. Defined in a
# method to instantiate it only if needed.
def converted_arrays
- @converted_arrays ||= {}
+ @converted_arrays ||=
# Returns +true+ if the parameter is permitted, +false+ otherwise.
@@ -333,15 +333,15 @@ def permitted=(new_permitted)
def convert_hashes_to_parameters(key, value, assign_if_converted=true)
- converted = convert_value_to_parameters(key, value)
+ converted = convert_value_to_parameters(value)
self[key] = converted if assign_if_converted && !converted.equal?(value)
- def convert_value_to_parameters(key, value)
- if value.is_a?(Array) && !converted_arrays.member?(key)
- converted = { |v| convert_value_to_parameters(nil, v) }
- converted_arrays[key] = converted if key
+ def convert_value_to_parameters(value)
+ if value.is_a?(Array) && !converted_arrays.member?(value)
+ converted = { |_| convert_value_to_parameters(_) }
+ converted_arrays << converted
elsif value.is_a?(Parameters) || !value.is_a?(Hash)
2 actionpack/test/controller/parameters/parameters_permit_test.rb
@@ -169,7 +169,7 @@ def assert_filtered_out(params, key)
test 'arrays are converted at most once' do
params = [{}])
- assert_same params[:foo], params[:foo]
+ assert params[:foo].equal?(params[:foo])
test "fetch doesnt raise ParameterMissing exception if there is a default" do

0 comments on commit 1ecada2

Please sign in to comment.