Make multi-params attribute regex more restrictive.

1 parent 310ed05 commit e05301bded00d9d6085e204acd0e2d87fa49516f @svoop svoop committed Oct 5, 2012
Showing with 1 addition and 1 deletion.
  1. +1 −1 lib/action_controller/parameters.rb
@@ -39,7 +39,7 @@ def permit(*filters)
case filter
when Symbol, String then
params[filter] = self[filter] if has_key?(filter)
- keys.grep(/^#{filter}\(\w+\)$/).each { |key| params[key] = self[key] }
+ keys.grep(/\A#{Regexp.escape(filter)}\(\di\)\z/).each { |key| params[key] = self[key] }
when Hash then
self.slice(*filter.keys).each do |key, value|
return unless value
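
Review bot: On the added `keys.grep` line, `\(\di\)` accepts only a single digit followed by a literal `i`, so keys the old `\(\w+\)` let through, such as `name(10i)` or `name(1f)`, are now silently dropped from the permitted set. If only single-digit integer casts are meant to pass, a comment above the line should say so; otherwise something like `\(\d+[a-z]?\)` keeps the pattern strict without narrowing it to one suffix. The move from `^`/`$` to `\A`/`\z` and the `Regexp.escape(filter)` call are the right fix, since `^` and `$` match at line breaks inside a key and an unescaped filter is interpolated as regex syntax. The commit touches only `lib/action_controller/parameters.rb`, so a test asserting that a key with an embedded newline and a filter containing regex metacharacters are both rejected would pin this behaviour down.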
