RubyGems - actionpack - Versions diffs - 5.2.1 → 7.0.2.4 - Mend

actionpack 5.2.1 → 7.0.2.4

Potentially problematic release.

This version of actionpack might be problematic. Click here for more details.

Files changed (167) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +264 -220
data/MIT-LICENSE +1 -1
data/README.rdoc +6 -6
data/lib/abstract_controller/asset_paths.rb +1 -1
data/lib/abstract_controller/base.rb +24 -4
data/lib/abstract_controller/caching/fragments.rb +8 -24
data/lib/abstract_controller/caching.rb +2 -2
data/lib/abstract_controller/callbacks.rb +34 -8
data/lib/abstract_controller/collector.rb +5 -4
data/lib/abstract_controller/error.rb +1 -1
data/lib/abstract_controller/helpers.rb +107 -90
data/lib/abstract_controller/logger.rb +1 -1
data/lib/abstract_controller/railties/routes_helpers.rb +19 -1
data/lib/abstract_controller/rendering.rb +9 -9
data/lib/abstract_controller/translation.rb +12 -5
data/lib/abstract_controller/url_for.rb +4 -6
data/lib/abstract_controller.rb +2 -0
data/lib/action_controller/api.rb +5 -4
data/lib/action_controller/base.rb +6 -9
data/lib/action_controller/caching.rb +1 -3
data/lib/action_controller/log_subscriber.rb +13 -9
data/lib/action_controller/metal/basic_implicit_render.rb +1 -1
data/lib/action_controller/metal/conditional_get.rb +57 -6
data/lib/action_controller/metal/content_security_policy.rb +2 -3
data/lib/action_controller/metal/cookies.rb +4 -2
data/lib/action_controller/metal/data_streaming.rb +9 -18
data/lib/action_controller/metal/default_headers.rb +17 -0
data/lib/action_controller/metal/etag_with_template_digest.rb +4 -6
data/lib/action_controller/metal/exceptions.rb +55 -12
data/lib/action_controller/metal/flash.rb +10 -6
data/lib/action_controller/metal/head.rb +7 -4
data/lib/action_controller/metal/helpers.rb +15 -6
data/lib/action_controller/metal/http_authentication.rb +41 -39
data/lib/action_controller/metal/implicit_render.rb +5 -15
data/lib/action_controller/metal/instrumentation.rb +59 -55
data/lib/action_controller/metal/live.rb +80 -33
data/lib/action_controller/metal/logging.rb +20 -0
data/lib/action_controller/metal/mime_responds.rb +22 -7
data/lib/action_controller/metal/parameter_encoding.rb +35 -4
data/lib/action_controller/metal/params_wrapper.rb +50 -31
data/lib/action_controller/metal/permissions_policy.rb +46 -0
data/lib/action_controller/metal/redirecting.rb +93 -23
data/lib/action_controller/metal/renderers.rb +4 -4
data/lib/action_controller/metal/rendering.rb +14 -9
data/lib/action_controller/metal/request_forgery_protection.rb +160 -58
data/lib/action_controller/metal/rescue.rb +2 -2
data/lib/action_controller/metal/streaming.rb +1 -4
data/lib/action_controller/metal/strong_parameters.rb +236 -88
data/lib/action_controller/metal/testing.rb +9 -2
data/lib/action_controller/metal/url_for.rb +1 -1
data/lib/action_controller/metal.rb +16 -17
data/lib/action_controller/railtie.rb +49 -6
data/lib/action_controller/railties/helpers.rb +1 -1
data/lib/action_controller/renderer.rb +37 -13
data/lib/action_controller/template_assertions.rb +1 -1
data/lib/action_controller/test_case.rb +98 -68
data/lib/action_controller.rb +4 -5
data/lib/action_dispatch/http/cache.rb +45 -32
data/lib/action_dispatch/http/content_disposition.rb +45 -0
data/lib/action_dispatch/http/content_security_policy.rb +69 -56
data/lib/action_dispatch/http/filter_parameters.rb +14 -8
data/lib/action_dispatch/http/filter_redirect.rb +2 -3
data/lib/action_dispatch/http/headers.rb +4 -4
data/lib/action_dispatch/http/mime_negotiation.rb +44 -16
data/lib/action_dispatch/http/mime_type.rb +47 -30
data/lib/action_dispatch/http/parameters.rb +18 -27
data/lib/action_dispatch/http/permissions_policy.rb +173 -0
data/lib/action_dispatch/http/request.rb +49 -35
data/lib/action_dispatch/http/response.rb +34 -26
data/lib/action_dispatch/http/upload.rb +9 -1
data/lib/action_dispatch/http/url.rb +86 -94
data/lib/action_dispatch/journey/formatter.rb +55 -31
data/lib/action_dispatch/journey/gtg/builder.rb +30 -46
data/lib/action_dispatch/journey/gtg/simulator.rb +15 -8
data/lib/action_dispatch/journey/gtg/transition_table.rb +78 -21
data/lib/action_dispatch/journey/nfa/dot.rb +0 -11
data/lib/action_dispatch/journey/nodes/node.rb +83 -16
data/lib/action_dispatch/journey/parser.rb +13 -13
data/lib/action_dispatch/journey/parser.y +1 -1
data/lib/action_dispatch/journey/path/pattern.rb +42 -34
data/lib/action_dispatch/journey/route.rb +14 -31
data/lib/action_dispatch/journey/router/utils.rb +16 -14
data/lib/action_dispatch/journey/router.rb +27 -35
data/lib/action_dispatch/journey/routes.rb +3 -5
data/lib/action_dispatch/journey/scanner.rb +10 -4
data/lib/action_dispatch/journey/visitors.rb +1 -4
data/lib/action_dispatch/journey/visualizer/fsm.js +49 -24
data/lib/action_dispatch/journey/visualizer/index.html.erb +1 -1
data/lib/action_dispatch/journey.rb +0 -2
data/lib/action_dispatch/middleware/actionable_exceptions.rb +45 -0
data/lib/action_dispatch/middleware/callbacks.rb +2 -4
data/lib/action_dispatch/middleware/cookies.rb +136 -113
data/lib/action_dispatch/middleware/debug_exceptions.rb +47 -68
data/lib/action_dispatch/middleware/debug_locks.rb +8 -8
data/lib/action_dispatch/middleware/debug_view.rb +66 -0
data/lib/action_dispatch/middleware/exception_wrapper.rb +79 -30
data/lib/action_dispatch/middleware/executor.rb +4 -1
data/lib/action_dispatch/middleware/flash.rb +10 -12
data/lib/action_dispatch/middleware/host_authorization.rb +159 -0
data/lib/action_dispatch/middleware/public_exceptions.rb +6 -3
data/lib/action_dispatch/middleware/remote_ip.rb +30 -20
data/lib/action_dispatch/middleware/request_id.rb +5 -6
data/lib/action_dispatch/middleware/server_timing.rb +33 -0
data/lib/action_dispatch/middleware/session/abstract_store.rb +16 -3
data/lib/action_dispatch/middleware/session/cache_store.rb +11 -6
data/lib/action_dispatch/middleware/session/cookie_store.rb +24 -19
data/lib/action_dispatch/middleware/show_exceptions.rb +20 -11
data/lib/action_dispatch/middleware/ssl.rb +20 -15
data/lib/action_dispatch/middleware/stack.rb +79 -7
data/lib/action_dispatch/middleware/static.rb +150 -94
data/lib/action_dispatch/middleware/templates/rescues/_actions.html.erb +13 -0
data/lib/action_dispatch/middleware/templates/rescues/_actions.text.erb +0 -0
data/lib/action_dispatch/middleware/templates/rescues/_message_and_suggestions.html.erb +22 -0
data/lib/action_dispatch/middleware/templates/rescues/_request_and_response.html.erb +6 -11
data/lib/action_dispatch/middleware/templates/rescues/_request_and_response.text.erb +1 -1
data/lib/action_dispatch/middleware/templates/rescues/_source.html.erb +4 -2
data/lib/action_dispatch/middleware/templates/rescues/_trace.html.erb +46 -36
data/lib/action_dispatch/middleware/templates/rescues/blocked_host.html.erb +8 -0
data/lib/action_dispatch/middleware/templates/rescues/blocked_host.text.erb +7 -0
data/lib/action_dispatch/middleware/templates/rescues/diagnostics.html.erb +25 -6
data/lib/action_dispatch/middleware/templates/rescues/diagnostics.text.erb +1 -1
data/lib/action_dispatch/middleware/templates/rescues/invalid_statement.html.erb +9 -6
data/lib/action_dispatch/middleware/templates/rescues/invalid_statement.text.erb +4 -1
data/lib/action_dispatch/middleware/templates/rescues/layout.erb +121 -15
data/lib/action_dispatch/middleware/templates/rescues/missing_exact_template.html.erb +19 -0
data/lib/action_dispatch/middleware/templates/rescues/missing_exact_template.text.erb +3 -0
data/lib/action_dispatch/middleware/templates/rescues/missing_template.html.erb +5 -5
data/lib/action_dispatch/middleware/templates/rescues/routing_error.html.erb +4 -4
data/lib/action_dispatch/middleware/templates/rescues/template_error.html.erb +5 -5
data/lib/action_dispatch/middleware/templates/rescues/unknown_action.html.erb +4 -4
data/lib/action_dispatch/middleware/templates/routes/_table.html.erb +16 -2
data/lib/action_dispatch/railtie.rb +16 -4
data/lib/action_dispatch/request/session.rb +59 -22
data/lib/action_dispatch/request/utils.rb +28 -2
data/lib/action_dispatch/routing/inspector.rb +102 -54
data/lib/action_dispatch/routing/mapper.rb +184 -156
data/lib/action_dispatch/routing/polymorphic_routes.rb +21 -19
data/lib/action_dispatch/routing/redirection.rb +4 -6
data/lib/action_dispatch/routing/route_set.rb +83 -73
data/lib/action_dispatch/routing/routes_proxy.rb +1 -1
data/lib/action_dispatch/routing/url_for.rb +2 -3
data/lib/action_dispatch/routing.rb +23 -22
data/lib/action_dispatch/system_test_case.rb +65 -16
data/lib/action_dispatch/system_testing/browser.rb +43 -16
data/lib/action_dispatch/system_testing/driver.rb +42 -10
data/lib/action_dispatch/system_testing/test_helpers/screenshot_helper.rb +58 -12
data/lib/action_dispatch/system_testing/test_helpers/setup_and_teardown.rb +3 -10
data/lib/action_dispatch/testing/assertion_response.rb +0 -1
data/lib/action_dispatch/testing/assertions/response.rb +4 -7
data/lib/action_dispatch/testing/assertions/routing.rb +20 -8
data/lib/action_dispatch/testing/assertions.rb +3 -6
data/lib/action_dispatch/testing/integration.rb +61 -30
data/lib/action_dispatch/testing/request_encoder.rb +2 -2
data/lib/action_dispatch/testing/test_process.rb +8 -6
data/lib/action_dispatch/testing/test_request.rb +3 -3
data/lib/action_dispatch/testing/test_response.rb +4 -32
data/lib/action_dispatch.rb +15 -7
data/lib/action_pack/gem_version.rb +4 -4
data/lib/action_pack.rb +1 -1
metadata +44 -25
data/lib/action_controller/metal/force_ssl.rb +0 -99
data/lib/action_dispatch/http/parameter_filter.rb +0 -86
data/lib/action_dispatch/journey/nfa/builder.rb +0 -78
data/lib/action_dispatch/journey/nfa/simulator.rb +0 -49
data/lib/action_dispatch/journey/nfa/transition_table.rb +0 -120
data/lib/action_dispatch/system_testing/test_helpers/undef_methods.rb +0 -26

data/lib/action_controller/metal/rescue.rb CHANGED Viewed

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
-module ActionController #:nodoc:
+module ActionController # :nodoc:
   # This module is responsible for providing +rescue_from+ helpers
   # to controllers and configuring when detailed exceptions must be
   # shown.
@@ -18,7 +18,7 @@ module ActionController #:nodoc:
     end
     private
-      def process_action(*args)
+      def process_action(*)
         super
       rescue Exception => exception
         request.env["action_dispatch.show_detailed_exceptions"] ||= show_detailed_exceptions?

data/lib/action_controller/metal/streaming.rb CHANGED Viewed

@@ -2,7 +2,7 @@
 require "rack/chunked"
-module ActionController #:nodoc:
+module ActionController # :nodoc:
   # Allows views to be streamed back to the client as they are rendered.
   #
   # By default, Rails renders views by first rendering the template
@@ -193,10 +193,7 @@ module ActionController #:nodoc:
   # To be described.
   #
   module Streaming
-    extend ActiveSupport::Concern
     private
       # Set proper cache control and transfer encoding when streaming
       def _process_options(options)
         super

data/lib/action_controller/metal/strong_parameters.rb CHANGED Viewed

@@ -1,11 +1,9 @@
 # frozen_string_literal: true
 require "active_support/core_ext/hash/indifferent_access"
-require "active_support/core_ext/hash/transform_values"
 require "active_support/core_ext/array/wrap"
 require "active_support/core_ext/string/filters"
 require "active_support/core_ext/object/to_query"
-require "active_support/rescuable"
 require "action_dispatch/http/upload"
 require "rack/test"
 require "stringio"
@@ -21,12 +19,21 @@ module ActionController
   #   params.require(:a)
   #   # => ActionController::ParameterMissing: param is missing or the value is empty: a
   class ParameterMissing < KeyError
-    attr_reader :param # :nodoc:
+    attr_reader :param, :keys # :nodoc:
-    def initialize(param) # :nodoc:
+    def initialize(param, keys = nil) # :nodoc:
       @param = param
+      @keys  = keys
       super("param is missing or the value is empty: #{param}")
     end
+    if defined?(DidYouMean::Correctable) && defined?(DidYouMean::SpellChecker)
+      include DidYouMean::Correctable # :nodoc:
+      def corrections # :nodoc:
+        @corrections ||= DidYouMean::SpellChecker.new(dictionary: keys).correct(param.to_s)
+      end
+    end
   end
   # Raised when a supplied parameter is not expected and
@@ -59,7 +66,7 @@ module ActionController
   # == Action Controller \Parameters
   #
-  # Allows you to choose which attributes should be whitelisted for mass updating
+  # Allows you to choose which attributes should be permitted for mass updating
   # and thus prevent accidentally exposing that which shouldn't be exposed.
   # Provides two methods for this purpose: #require and #permit. The former is
   # used to mark parameters as required. The latter is used to set the parameter
@@ -74,7 +81,7 @@ module ActionController
   #   })
   #
   #   permitted = params.require(:person).permit(:name, :age)
-  #   permitted            # => <ActionController::Parameters {"name"=>"Francesco", "age"=>22} permitted: true>
+  #   permitted            # => #<ActionController::Parameters {"name"=>"Francesco", "age"=>22} permitted: true>
   #   permitted.permitted? # => true
   #
   #   Person.first.update!(permitted)
@@ -84,11 +91,13 @@ module ActionController
   #
   # * +permit_all_parameters+ - If it's +true+, all the parameters will be
   #   permitted by default. The default is +false+.
-  # * +action_on_unpermitted_parameters+ - Allow to control the behavior when parameters
-  #   that are not explicitly permitted are found. The values can be +false+ to just filter them
-  #   out, <tt>:log</tt> to additionally write a message on the logger, or <tt>:raise</tt> to raise
-  #   ActionController::UnpermittedParameters exception. The default value is <tt>:log</tt>
-  #   in test and development environments, +false+ otherwise.
+  # * +action_on_unpermitted_parameters+ - Controls behavior when parameters that are not explicitly
+  #    permitted are found. The default value is <tt>:log</tt> in test and development environments,
+  #    +false+ otherwise. The values can be:
+  #   * +false+ to take no action.
+  #   * <tt>:log</tt> to emit an <tt>ActiveSupport::Notifications.instrument</tt> event on the
+  #     <tt>unpermitted_parameters.action_controller</tt> topic and log at the DEBUG level.
+  #   * <tt>:raise</tt> to raise a <tt>ActionController::UnpermittedParameters</tt> exception.
   #
   # Examples:
   #
@@ -102,7 +111,7 @@ module ActionController
   #
   #   params = ActionController::Parameters.new(a: "123", b: "456")
   #   params.permit(:c)
-  #   # => <ActionController::Parameters {} permitted: true>
+  #   # => #<ActionController::Parameters {} permitted: true>
   #
   #   ActionController::Parameters.action_on_unpermitted_parameters = :raise
   #
@@ -133,6 +142,15 @@ module ActionController
     #
     # Returns a hash that can be used as the JSON representation for the parameters.
+    ##
+    # :method: each_key
+    #
+    # :call-seq:
+    #   each_key()
+    #
+    # Calls block once for each key in the parameters, passing the key.
+    # If no block is given, an enumerator is returned instead.
     ##
     # :method: empty?
     #
@@ -173,6 +191,14 @@ module ActionController
     #
     # Returns true if the given key is present in the parameters.
+    ##
+    # :method: member?
+    #
+    # :call-seq:
+    #   member?(key)
+    #
+    # Returns true if the given key is present in the parameters.
     ##
     # :method: keys
     #
@@ -204,8 +230,8 @@ module ActionController
     #   values()
     #
     # Returns a new array of the values of the parameters.
-    delegate :keys, :key?, :has_key?, :values, :has_value?, :value?, :empty?, :include?,
-      :as_json, :to_s, to: :@parameters
+    delegate :keys, :key?, :has_key?, :member?, :values, :has_value?, :value?, :empty?, :include?,
+      :as_json, :to_s, :each_key, to: :@parameters
     # By default, never raise an UnpermittedParameters exception if these
     # params are present. The default includes both 'controller' and 'action'
@@ -213,9 +239,15 @@ module ActionController
     # to change these is to specify `always_permitted_parameters` in your
     # config. For instance:
     #
-    #    config.always_permitted_parameters = %w( controller action format )
+    #    config.action_controller.always_permitted_parameters = %w( controller action format )
     cattr_accessor :always_permitted_parameters, default: %w( controller action )
+    class << self
+      def nested_attribute?(key, value) # :nodoc:
+        /\A-?\d+\z/.match?(key) && (value.is_a?(Hash) || value.is_a?(Parameters))
+      end
+    end
     # Returns a new instance of <tt>ActionController::Parameters</tt>.
     # Also, sets the +permitted+ attribute to the default value of
     # <tt>ActionController::Parameters.permit_all_parameters</tt>.
@@ -232,8 +264,9 @@ module ActionController
     #   params = ActionController::Parameters.new(name: "Francesco")
     #   params.permitted?  # => true
     #   Person.new(params) # => #<Person id: nil, name: "Francesco">
-    def initialize(parameters = {})
+    def initialize(parameters = {}, logging_context = {})
       @parameters = parameters.with_indifferent_access
+      @logging_context = logging_context
       @permitted = self.class.permit_all_parameters
     end
@@ -246,6 +279,11 @@ module ActionController
         @parameters == other
       end
     end
+    alias eql? ==
+    def hash
+      [@parameters.hash, @permitted].hash
+    end
     # Returns a safe <tt>ActiveSupport::HashWithIndifferentAccess</tt>
     # representation of the parameters with all unpermitted keys removed.
@@ -334,12 +372,26 @@ module ActionController
     # Convert all hashes in values into parameters, then yield each pair in
     # the same way as <tt>Hash#each_pair</tt>.
     def each_pair(&block)
+      return to_enum(__callee__) unless block_given?
       @parameters.each_pair do |key, value|
         yield [key, convert_hashes_to_parameters(key, value)]
       end
+      self
     end
     alias_method :each, :each_pair
+    # Convert all hashes in values into parameters, then yield each value in
+    # the same way as <tt>Hash#each_value</tt>.
+    def each_value(&block)
+      return to_enum(:each_value) unless block_given?
+      @parameters.each_pair do |key, value|
+        yield convert_hashes_to_parameters(key, value)
+      end
+      self
+    end
     # Attribute that keeps track of converted arrays, if any, to avoid double
     # looping in the common use case permit + mass-assignment. Defined in a
     # method to instantiate it only if needed.
@@ -390,7 +442,7 @@ module ActionController
     # either present or the singleton +false+, returns said value:
     #
     #   ActionController::Parameters.new(person: { name: "Francesco" }).require(:person)
-    #   # => <ActionController::Parameters {"name"=>"Francesco"} permitted: false>
+    #   # => #<ActionController::Parameters {"name"=>"Francesco"} permitted: false>
     #
     # Otherwise raises <tt>ActionController::ParameterMissing</tt>:
     #
@@ -440,7 +492,7 @@ module ActionController
       if value.present? || value == false
         value
       else
-        raise ParameterMissing.new(key)
+        raise ParameterMissing.new(key, @parameters.keys)
       end
     end
@@ -506,7 +558,7 @@ module ActionController
     #
     # Note that if you use +permit+ in a key that points to a hash,
     # it won't allow all the hash. You also need to specify which
-    # attributes inside the hash should be whitelisted.
+    # attributes inside the hash should be permitted.
     #
     #   params = ActionController::Parameters.new({
     #     person: {
@@ -518,13 +570,48 @@ module ActionController
     #   })
     #
     #   params.require(:person).permit(:contact)
-    #   # => <ActionController::Parameters {} permitted: true>
+    #   # => #<ActionController::Parameters {} permitted: true>
     #
     #   params.require(:person).permit(contact: :phone)
-    #   # => <ActionController::Parameters {"contact"=><ActionController::Parameters {"phone"=>"555-1234"} permitted: true>} permitted: true>
+    #   # => #<ActionController::Parameters {"contact"=>#<ActionController::Parameters {"phone"=>"555-1234"} permitted: true>} permitted: true>
     #
     #   params.require(:person).permit(contact: [ :email, :phone ])
-    #   # => <ActionController::Parameters {"contact"=><ActionController::Parameters {"email"=>"none@test.com", "phone"=>"555-1234"} permitted: true>} permitted: true>
+    #   # => #<ActionController::Parameters {"contact"=>#<ActionController::Parameters {"email"=>"none@test.com", "phone"=>"555-1234"} permitted: true>} permitted: true>
+    #
+    # If your parameters specify multiple parameters indexed by a number,
+    # you can permit each set of parameters under the numeric key to be the same using the same syntax as permitting a single item.
+    #
+    #   params = ActionController::Parameters.new({
+    #     person: {
+    #       '0': {
+    #         email: "none@test.com",
+    #         phone: "555-1234"
+    #       },
+    #       '1': {
+    #         email: "nothing@test.com",
+    #         phone: "555-6789"
+    #       },
+    #     }
+    #   })
+    #   params.permit(person: [:email]).to_h
+    #   # => {"person"=>{"0"=>{"email"=>"none@test.com"}, "1"=>{"email"=>"nothing@test.com"}}}
+    #
+    # If you want to specify what keys you want from each numeric key, you can instead specify each one individually
+    #
+    #   params = ActionController::Parameters.new({
+    #     person: {
+    #       '0': {
+    #         email: "none@test.com",
+    #         phone: "555-1234"
+    #       },
+    #       '1': {
+    #         email: "nothing@test.com",
+    #         phone: "555-6789"
+    #       },
+    #     }
+    #   })
+    #   params.permit(person: { '0': [:email], '1': [:phone]}).to_h
+    #   # => {"person"=>{"0"=>{"email"=>"none@test.com"}, "1"=>{"phone"=>"555-6789"}}}
     def permit(*filters)
       params = self.class.new
@@ -546,7 +633,7 @@ module ActionController
     # returns +nil+.
     #
     #   params = ActionController::Parameters.new(person: { name: "Francesco" })
-    #   params[:person] # => <ActionController::Parameters {"name"=>"Francesco"} permitted: false>
+    #   params[:person] # => #<ActionController::Parameters {"name"=>"Francesco"} permitted: false>
     #   params[:none]   # => nil
     def [](key)
       convert_hashes_to_parameters(key, @parameters[key])
@@ -566,9 +653,9 @@ module ActionController
     # is given, then that will be run and its result returned.
     #
     #   params = ActionController::Parameters.new(person: { name: "Francesco" })
-    #   params.fetch(:person)               # => <ActionController::Parameters {"name"=>"Francesco"} permitted: false>
+    #   params.fetch(:person)               # => #<ActionController::Parameters {"name"=>"Francesco"} permitted: false>
     #   params.fetch(:none)                 # => ActionController::ParameterMissing: param is missing or the value is empty: none
-    #   params.fetch(:none, {})             # => <ActionController::Parameters {} permitted: false>
+    #   params.fetch(:none, {})             # => #<ActionController::Parameters {} permitted: false>
     #   params.fetch(:none, "Francesco")    # => "Francesco"
     #   params.fetch(:none) { "Francesco" } # => "Francesco"
     def fetch(key, *args)
@@ -577,26 +664,24 @@ module ActionController
           if block_given?
             yield
           else
-            args.fetch(0) { raise ActionController::ParameterMissing.new(key) }
+            args.fetch(0) { raise ActionController::ParameterMissing.new(key, @parameters.keys) }
           end
         }
       )
     end
-    if Hash.method_defined?(:dig)
-      # Extracts the nested parameter from the given +keys+ by calling +dig+
-      # at each step. Returns +nil+ if any intermediate step is +nil+.
-      #
-      #   params = ActionController::Parameters.new(foo: { bar: { baz: 1 } })
-      #   params.dig(:foo, :bar, :baz) # => 1
-      #   params.dig(:foo, :zot, :xyz) # => nil
-      #
-      #   params2 = ActionController::Parameters.new(foo: [10, 11, 12])
-      #   params2.dig(:foo, 1) # => 11
-      def dig(*keys)
-        convert_hashes_to_parameters(keys.first, @parameters[keys.first])
-        @parameters.dig(*keys)
-      end
+    # Extracts the nested parameter from the given +keys+ by calling +dig+
+    # at each step. Returns +nil+ if any intermediate step is +nil+.
+    #
+    #   params = ActionController::Parameters.new(foo: { bar: { baz: 1 } })
+    #   params.dig(:foo, :bar, :baz) # => 1
+    #   params.dig(:foo, :zot, :xyz) # => nil
+    #
+    #   params2 = ActionController::Parameters.new(foo: [10, 11, 12])
+    #   params2.dig(:foo, 1) # => 11
+    def dig(*keys)
+      convert_hashes_to_parameters(keys.first, @parameters[keys.first])
+      @parameters.dig(*keys)
     end
     # Returns a new <tt>ActionController::Parameters</tt> instance that
@@ -604,8 +689,8 @@ module ActionController
     # don't exist, returns an empty hash.
     #
     #   params = ActionController::Parameters.new(a: 1, b: 2, c: 3)
-    #   params.slice(:a, :b) # => <ActionController::Parameters {"a"=>1, "b"=>2} permitted: false>
-    #   params.slice(:d)     # => <ActionController::Parameters {} permitted: false>
+    #   params.slice(:a, :b) # => #<ActionController::Parameters {"a"=>1, "b"=>2} permitted: false>
+    #   params.slice(:d)     # => #<ActionController::Parameters {} permitted: false>
     def slice(*keys)
       new_instance_with_inherited_permitted_status(@parameters.slice(*keys))
     end
@@ -621,8 +706,8 @@ module ActionController
     # filters out the given +keys+.
     #
     #   params = ActionController::Parameters.new(a: 1, b: 2, c: 3)
-    #   params.except(:a, :b) # => <ActionController::Parameters {"c"=>3} permitted: false>
-    #   params.except(:d)     # => <ActionController::Parameters {"a"=>1, "b"=>2, "c"=>3} permitted: false>
+    #   params.except(:a, :b) # => #<ActionController::Parameters {"c"=>3} permitted: false>
+    #   params.except(:d)     # => #<ActionController::Parameters {"a"=>1, "b"=>2, "c"=>3} permitted: false>
     def except(*keys)
       new_instance_with_inherited_permitted_status(@parameters.except(*keys))
     end
@@ -630,8 +715,8 @@ module ActionController
     # Removes and returns the key/value pairs matching the given keys.
     #
     #   params = ActionController::Parameters.new(a: 1, b: 2, c: 3)
-    #   params.extract!(:a, :b) # => <ActionController::Parameters {"a"=>1, "b"=>2} permitted: false>
-    #   params                  # => <ActionController::Parameters {"c"=>3} permitted: false>
+    #   params.extract!(:a, :b) # => #<ActionController::Parameters {"a"=>1, "b"=>2} permitted: false>
+    #   params                  # => #<ActionController::Parameters {"c"=>3} permitted: false>
     def extract!(*keys)
       new_instance_with_inherited_permitted_status(@parameters.extract!(*keys))
     end
@@ -641,7 +726,7 @@ module ActionController
     #
     #   params = ActionController::Parameters.new(a: 1, b: 2, c: 3)
     #   params.transform_values { |x| x * 2 }
-    #   # => <ActionController::Parameters {"a"=>2, "b"=>4, "c"=>6} permitted: false>
+    #   # => #<ActionController::Parameters {"a"=>2, "b"=>4, "c"=>6} permitted: false>
     def transform_values
       return to_enum(:transform_values) unless block_given?
       new_instance_with_inherited_permitted_status(
@@ -660,22 +745,37 @@ module ActionController
     # Returns a new <tt>ActionController::Parameters</tt> instance with the
     # results of running +block+ once for every key. The values are unchanged.
     def transform_keys(&block)
-      if block
-        new_instance_with_inherited_permitted_status(
-          @parameters.transform_keys(&block)
-        )
-      else
-        @parameters.transform_keys
-      end
+      return to_enum(:transform_keys) unless block_given?
+      new_instance_with_inherited_permitted_status(
+        @parameters.transform_keys(&block)
+      )
     end
     # Performs keys transformation and returns the altered
     # <tt>ActionController::Parameters</tt> instance.
     def transform_keys!(&block)
+      return to_enum(:transform_keys!) unless block_given?
       @parameters.transform_keys!(&block)
       self
     end
+    # Returns a new <tt>ActionController::Parameters</tt> instance with the
+    # results of running +block+ once for every key. This includes the keys
+    # from the root hash and from all nested hashes and arrays. The values are unchanged.
+    def deep_transform_keys(&block)
+      new_instance_with_inherited_permitted_status(
+        @parameters.deep_transform_keys(&block)
+      )
+    end
+    # Returns the <tt>ActionController::Parameters</tt> instance changing its keys.
+    # This includes the keys from the root hash and from all nested hashes and arrays.
+    # The values are unchanged.
+    def deep_transform_keys!(&block)
+      @parameters.deep_transform_keys!(&block)
+      self
+    end
     # Deletes a key-value pair from +Parameters+ and returns the value. If
     # +key+ is not found, returns +nil+ (or, with optional code block, yields
     # +key+ and returns the result). Cf. +#extract!+, which returns the
@@ -710,6 +810,28 @@ module ActionController
     end
     alias_method :delete_if, :reject!
+    # Returns a new instance of <tt>ActionController::Parameters</tt> with +nil+ values removed.
+    def compact
+      new_instance_with_inherited_permitted_status(@parameters.compact)
+    end
+    # Removes all +nil+ values in place and returns +self+, or +nil+ if no changes were made.
+    def compact!
+      self if @parameters.compact!
+    end
+    # Returns a new instance of <tt>ActionController::Parameters</tt> without the blank values.
+    # Uses Object#blank? for determining if a value is blank.
+    def compact_blank
+      reject { |_k, v| v.blank? }
+    end
+    # Removes all blank values in place and returns self.
+    # Uses Object#blank? for determining if a value is blank.
+    def compact_blank!
+      reject! { |_k, v| v.blank? }
+    end
     # Returns values that were assigned to the given +keys+. Note that all the
     # +Hash+ objects will be converted to <tt>ActionController::Parameters</tt>.
     def values_at(*keys)
@@ -756,7 +878,7 @@ module ActionController
     end
     def inspect
-      "<#{self.class} #{@parameters} permitted: #{@permitted}>"
+      "#<#{self.class} #{@parameters} permitted: #{@permitted}>"
     end
     def self.hook_into_yaml_loading # :nodoc:
@@ -781,14 +903,14 @@ module ActionController
         @permitted  = coder.map["ivars"][:@permitted]
       when "!ruby/object:ActionController::Parameters"
         # YAML's Object format. Only needed because of the format
-        # backwardscompability above, otherwise equivalent to YAML's initialization.
+        # backwards compatibility above, otherwise equivalent to YAML's initialization.
         @parameters, @permitted = coder.map["parameters"], coder.map["permitted"]
       end
     end
     # Returns duplicate of object including all parameters.
     def deep_dup
-      self.class.new(@parameters.deep_dup).tap do |duplicate|
+      self.class.new(@parameters.deep_dup, @logging_context).tap do |duplicate|
         duplicate.permitted = @permitted
       end
     end
@@ -796,17 +918,21 @@ module ActionController
     protected
       attr_reader :parameters
-      def permitted=(new_permitted)
-        @permitted = new_permitted
+      attr_writer :permitted
+      def nested_attributes?
+        @parameters.any? { |k, v| Parameters.nested_attribute?(k, v) }
       end
-      def fields_for_style?
-        @parameters.all? { |k, v| k =~ /\A-?\d+\z/ && (v.is_a?(Hash) || v.is_a?(Parameters)) }
+      def each_nested_attribute
+        hash = self.class.new
+        self.each { |k, v| hash[k] = yield v if Parameters.nested_attribute?(k, v) }
+        hash
       end
     private
       def new_instance_with_inherited_permitted_status(hash)
-        self.class.new(hash).tap do |new_instance|
+        self.class.new(hash, @logging_context).tap do |new_instance|
           new_instance.permitted = @permitted
         end
       end
@@ -837,24 +963,28 @@ module ActionController
         when Array
           return value if converted_arrays.member?(value)
           converted = value.map { |_| convert_value_to_parameters(_) }
-          converted_arrays << converted
+          converted_arrays << converted.dup
           converted
         when Hash
-          self.class.new(value)
+          self.class.new(value, @logging_context)
         else
           value
         end
       end
-      def each_element(object)
+      def specify_numeric_keys?(filter)
+        if filter.respond_to?(:keys)
+          filter.keys.any? { |key| /\A-?\d+\z/.match?(key) }
+        end
+      end
+      def each_element(object, filter, &block)
         case object
         when Array
-          object.grep(Parameters).map { |el| yield el }.compact
+          object.grep(Parameters).filter_map(&block)
         when Parameters
-          if object.fields_for_style?
-            hash = object.class.new
-            object.each { |k, v| hash[k] = yield v }
-            hash
+          if object.nested_attributes? && !specify_numeric_keys?(filter)
+            object.each_nested_attribute(&block)
           else
             yield object
           end
@@ -867,7 +997,7 @@ module ActionController
           case self.class.action_on_unpermitted_parameters
           when :log
             name = "unpermitted_parameters.action_controller"
-            ActiveSupport::Notifications.instrument(name, keys: unpermitted_keys)
+            ActiveSupport::Notifications.instrument(name, keys: unpermitted_keys, context: @logging_context)
           when :raise
             raise ActionController::UnpermittedParameters.new(unpermitted_keys)
           end
@@ -882,7 +1012,7 @@ module ActionController
       # --- Filtering ----------------------------------------------------------
       #
-      # This is a white list of permitted scalar types that includes the ones
+      # This is a list of permitted scalar types that includes the ones
       # supported in XML and JSON requests.
       #
       # This list is in particular used to filter ordinary requests, String goes
@@ -909,15 +1039,28 @@ module ActionController
         PERMITTED_SCALAR_TYPES.any? { |type| value.is_a?(type) }
       end
-      def permitted_scalar_filter(params, key)
-        if has_key?(key) && permitted_scalar?(self[key])
-          params[key] = self[key]
+      # Adds existing keys to the params if their values are scalar.
+      #
+      # For example:
+      #
+      #   puts self.keys #=> ["zipcode(90210i)"]
+      #   params = {}
+      #
+      #   permitted_scalar_filter(params, "zipcode")
+      #
+      #   puts params.keys # => ["zipcode"]
+      def permitted_scalar_filter(params, permitted_key)
+        permitted_key = permitted_key.to_s
+        if has_key?(permitted_key) && permitted_scalar?(self[permitted_key])
+          params[permitted_key] = self[permitted_key]
         end
-        keys.grep(/\A#{Regexp.escape(key)}\(\d+[if]?\)\z/) do |k|
-          if permitted_scalar?(self[k])
-            params[k] = self[k]
-          end
+        each_key do |key|
+          next unless key =~ /\(\d+[if]?\)\z/
+          next unless $~.pre_match == permitted_key
+          params[key] = self[key] if permitted_scalar?(self[key])
         end
       end
@@ -953,7 +1096,7 @@ module ActionController
             end
           elsif non_scalar?(value)
             # Declaration { user: :name } or { user: [:name, :age, { address: ... }] }.
-            params[key] = each_element(value) do |element|
+            params[key] = each_element(value, filter[key]) do |element|
               element.permit(*Array.wrap(filter[key]))
             end
           end
@@ -1002,8 +1145,8 @@ module ActionController
   #
   # It provides an interface for protecting attributes from end-user
   # assignment. This makes Action Controller parameters forbidden
-  # to be used in Active Model mass assignment until they have been
-  # whitelisted.
+  # to be used in Active Model mass assignment until they have been explicitly
+  # enumerated.
   #
   # In addition, parameters can be marked as required and flow through a
   # predefined raise/rescue flow to end up as a <tt>400 Bad Request</tt> with no
@@ -1039,7 +1182,7 @@ module ActionController
   #   end
   #
   # In order to use <tt>accepts_nested_attributes_for</tt> with Strong \Parameters, you
-  # will need to specify which nested attributes should be whitelisted. You might want
+  # will need to specify which nested attributes should be permitted. You might want
   # to allow +:id+ and +:_destroy+, see ActiveRecord::NestedAttributes for more information.
   #
   #   class Person
@@ -1057,7 +1200,7 @@ module ActionController
   #     private
   #
   #       def person_params
-  #         # It's mandatory to specify the nested attributes that should be whitelisted.
+  #         # It's mandatory to specify the nested attributes that should be permitted.
   #         # If you use `permit` with just the key that points to the nested attributes hash,
   #         # it will return an empty hash.
   #         params.require(:person).permit(:name, :age, pets_attributes: [ :id, :name, :category ])
@@ -1067,13 +1210,18 @@ module ActionController
   # See ActionController::Parameters.require and ActionController::Parameters.permit
   # for more information.
   module StrongParameters
-    extend ActiveSupport::Concern
-    include ActiveSupport::Rescuable
     # Returns a new ActionController::Parameters object that
     # has been instantiated with the <tt>request.parameters</tt>.
     def params
-      @_params ||= Parameters.new(request.parameters)
+      @_params ||= begin
+        context = {
+          controller: self.class.name,
+          action: action_name,
+          request: request,
+          params: request.filtered_parameters
+        }
+        Parameters.new(request.parameters, context)
+      end
     end
     # Assigns the given +value+ to the +params+ hash. If +value+