From e995734e7fcf84f6eade61d180275a9d929cc0a7 Mon Sep 17 00:00:00 2001 From: Egor Homakov Date: Wed, 13 Jun 2012 17:49:29 +0400 Subject: [PATCH] These lines don't help to mitigate CVE. They only turn [nil] into nil, w/o them [nil] turns into [] and that is quite innocent. generated SQL - `IN (NULL)` compact! did all the job. --- actionpack/lib/action_dispatch/http/request.rb | 3 --- 1 file changed, 3 deletions(-) diff --git a/actionpack/lib/action_dispatch/http/request.rb b/actionpack/lib/action_dispatch/http/request.rb index 65ff6fb7d8e40..8cea17c7a6765 100644 --- a/actionpack/lib/action_dispatch/http/request.rb +++ b/actionpack/lib/action_dispatch/http/request.rb @@ -267,9 +267,6 @@ def local? # Remove nils from the params hash def deep_munge(hash) - keys = hash.keys.find_all { |k| hash[k] == [nil] } - keys.each { |k| hash[k] = nil } - hash.each_value do |v| case v when Array