
AC::Parameters#permit! permits hashes in array values

1 parent 1da203d commit ccd400e19c28d844fadb26f446f8d5189f3baed2 @fxn fxn committed
Showing with 16 additions and 5 deletions.
  1. +5 −2 lib/action_controller/parameters.rb
  2. +11 −3 test/parameters_taint_test.rb
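--- a/lib/action_controller/parameters.rb
+++ b/lib/action_controller/parameters.rb
@@ -4,6 +4,7 @@
 require 'active_support/concern'
 require 'active_support/core_ext/hash/indifferent_access'
+require 'active_support/core_ext/array/wrap'
 require 'action_controller'
 require 'action_dispatch/http/upload'
@@ -43,8 +44,10 @@ def initialize(attributes = nil)
 def permit!
 each_pair do |key, value|
- convert_hashes_to_parameters(key, value)
- self[key].permit! if self[key].respond_to? :permit!
+ value = convert_hashes_to_parameters(key, value)
+ Array.wrap(value).each do |_|
+ _.permit! if _.respond_to? :permit!
+ end
 end
 @permitted = true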
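Review bot: In `permit!`, `Array.wrap(value).each` descends only one array level, so a hash inside a nested array would stay unpermitted unless `convert_hashes_to_parameters`, which is defined outside this hunk, recurses into inner arrays itself. That fails closed, but it deserves a comment or a test so the behaviour is deliberate rather than accidental. The loop also now depends on the helper's return value instead of re-reading `self[key]`, so a comment such as `# relies on convert_hashes_to_parameters returning the converted value it stored` would help the next maintainer. The block parameter `_` conventionally marks an unused argument, yet here it is the receiver; `Array.wrap(value).each do |element|` with `element.permit! if element.respond_to?(:permit!)` reads more clearly. The body of `permit!` continues past the end of the hunk.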
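--- a/test/parameters_taint_test.rb
+++ b/test/parameters_taint_test.rb
@@ -3,9 +3,16 @@
 class ParametersTaintTest < ActiveSupport::TestCase
 setup do
- @params = ActionController::Parameters.new({ :person => {
- :age => "32", :name => { :first => "David", :last => "Heinemeier Hansson" }
- }})
+ @params = ActionController::Parameters.new(
+ person: {
+ age: '32',
+ name: {
+ first: 'David',
+ last: 'Heinemeier Hansson'
+ },
+ addresses: [{city: 'Chicago', state: 'Illinois'}]
+ }
+ )
 end
 test "fetch raises ParameterMissing exception" do
@@ -89,5 +96,6 @@ class ParametersTaintTest < ActiveSupport::TestCase
 assert @params.permitted?
 assert @params[:person].permitted?
 assert @params[:person][:name].permitted?
+ assert @params[:person][:addresses][0].permitted?
 end
 end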
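Review bot: The new `addresses` fixture covers only a single-element array of hashes, so the `respond_to? :permit!` guard inside the new loop is never exercised with array elements that are not hashes. Adding a scalar array to the fixture (constructed example: `hobbies: ['chess']`) and asserting that `permit!` completes and leaves `@params.permitted?` true would pin that path. The added assertion sits in a test whose opening line is outside the hunk, so I am assuming it is the `permit!` test. Because the `setup` fixture is shared by every test in the class, a short comment above `addresses:` explaining that it exists for the array-of-hashes case would keep later edits from dropping it.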
