Steps to reproduce
```
irb(main):001:0> params_1 = ActionController::Parameters.new({})
<ActionController::Parameters {} permitted: false>
irb(main):002:0> params_2 = ActionController::Parameters.new({})
<ActionController::Parameters {} permitted: false>
irb(main):003:0> params_1.merge(params_2)
DEPRECATION WARNING: Method to_hash is deprecated and will be removed in Rails 5.1, as `ActionController::Parameters` no longer inherits from hash. Using this deprecated behavior exposes potential security problems. If you continue to use this method you may be creating a security vulnerability in your app that can be exploited. Instead, consider using one of these documented methods which are not deprecated: http://api.rubyonrails.org/v5.0.0.1/classes/ActionController/Parameters.html
```
Expected behavior
ActionController::Parameters knows everything it needs to carry over all of the permitted and required parameters and therefore it is detrimental to first convert it into a hash since that step removes all permitted and required information from the object being merged.
The resulting object should be an ActionController::Parameters object with the combined data and permissions of both of the original objects.
Actual behavior
See above
System configuration
Rails version: 5.0.0.1
Ruby version: 2.3.0
y-yagi added a commit to y-yagi/rails that referenced this issue Sep 7, 2016
`ActionController::Parameters#merge` calls `HashWithIndifferentAccess#merge`.
In addition, it calls `HashWithIndifferentAccess#update` from
`HashWithIndifferentAccess#merge`, where the `#to_hash` of the argument is called.
But since `ActionController::Parameters#to_hash` is deprecated, a warning message is
displayed.
To avoid this, modify it to convert the object to a `Hash`.
Fixes rails#26415
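The concern behind the deprecation warning and the expected behavior above, as an added example that is not code from the issue, the commit, or Rails: a constructed pure-Ruby stand-in (`ParamsModel`, `ForbiddenAttributes` and `sanitize_for_assignment` are hypothetical names) shows how a merge routed through a plain hash loses the permitted flag that a mass-assignment guard checks. The rule that a merged result is permitted only when both operands are is an assumption of this example.

```ruby
# Constructed stand-in for ActionController::Parameters (NOT the Rails class):
# a hash plus a "permitted" flag, deliberately not a Hash subclass.
class ParamsModel
  attr_reader :data
  def initialize(data = {}, permitted = false)
    @data = data.transform_keys(&:to_s)
    @permitted = permitted
  end

  def permitted?
    @permitted
  end

  def permit!
    @permitted = true
    self
  end

  # Lossy conversion: only raw key/value pairs survive, the flag is dropped.
  def to_hash
    @data.dup
  end

  # Merge that keeps the wrapper. Assumed policy: the result is permitted
  # only when both operands are.
  def merge(other)
    self.class.new(@data.merge(other.data), permitted? && other.permitted?)
  end
end

class ForbiddenAttributes < StandardError; end

# Hypothetical mass-assignment guard: objects that answer permitted? are
# checked; anything else, such as a plain Hash, is accepted unchecked.
def sanitize_for_assignment(attrs)
  raise ForbiddenAttributes if attrs.respond_to?(:permitted?) && !attrs.permitted?
  attrs.respond_to?(:data) ? attrs.data : attrs
end

# Constructed sample input: one filtered set and one unfiltered request payload.
SAFE = ParamsModel.new({ "name" => "alice" }).permit!
RAW  = ParamsModel.new({ "admin" => "true" })
def merged_via_hash
  SAFE.to_hash.merge(RAW.to_hash) # plain Hash: no flag left for the guard
end

def merged_keeping_flag
  SAFE.merge(RAW) # still a ParamsModel, and not permitted
end
```

Passing `merged_via_hash` to the guard lets the unfiltered `admin` key through, while `merged_keeping_flag` raises `ForbiddenAttributes`.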