strong_parameters 0.2.2 → 0.2.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/action_controller/parameters.rb +8 -5
- data/lib/strong_parameters/version.rb +1 -1
- data/test/parameters_permit_test.rb +6 -0
- data/test/parameters_taint_test.rb +11 -3
- metadata +16 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 104655e7dd188f9f5160a59a1be21216bec034a3
|
|
4
|
+
data.tar.gz: 3f8a99ed1d06fb9514d84354a89930b287293d28
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 4ae5b06d01b8220037bb6ea57070905a101babaa6b93a7c4d2bed17ff84d3e2a43d3426484d716501d33eb33ba4dd933dfa6ed5fd5aba911fb185694906e066d
|
|
7
|
+
data.tar.gz: be45b400d6b951c8c4d137ea469d4a7f50be92592883968a35964232e6f993505b75fad0b5b50ba43dacc2c2d05abfecf0e9102e8d21fb56dc2056b89d419d93
|
|
@@ -4,6 +4,7 @@ require 'stringio'
|
|
|
4
4
|
|
|
5
5
|
require 'active_support/concern'
|
|
6
6
|
require 'active_support/core_ext/hash/indifferent_access'
|
|
7
|
+
require 'active_support/core_ext/array/wrap'
|
|
7
8
|
require 'action_controller'
|
|
8
9
|
require 'action_dispatch/http/upload'
|
|
9
10
|
|
|
@@ -43,8 +44,10 @@ module ActionController
|
|
|
43
44
|
|
|
44
45
|
def permit!
|
|
45
46
|
each_pair do |key, value|
|
|
46
|
-
convert_hashes_to_parameters(key, value)
|
|
47
|
-
|
|
47
|
+
value = convert_hashes_to_parameters(key, value)
|
|
48
|
+
Array.wrap(value).each do |_|
|
|
49
|
+
_.permit! if _.respond_to? :permit!
|
|
50
|
+
end
|
|
48
51
|
end
|
|
49
52
|
|
|
50
53
|
@permitted = true
|
|
@@ -79,7 +82,7 @@ module ActionController
|
|
|
79
82
|
end
|
|
80
83
|
|
|
81
84
|
def fetch(key, *args)
|
|
82
|
-
convert_hashes_to_parameters(key, super)
|
|
85
|
+
convert_hashes_to_parameters(key, super, false)
|
|
83
86
|
rescue KeyError, IndexError
|
|
84
87
|
raise ActionController::ParameterMissing.new(key)
|
|
85
88
|
end
|
|
@@ -110,9 +113,9 @@ module ActionController
|
|
|
110
113
|
|
|
111
114
|
private
|
|
112
115
|
|
|
113
|
-
def convert_hashes_to_parameters(key, value)
|
|
116
|
+
def convert_hashes_to_parameters(key, value, assign_if_converted=true)
|
|
114
117
|
converted = convert_value_to_parameters(value)
|
|
115
|
-
self[key] = converted
|
|
118
|
+
self[key] = converted if assign_if_converted && !converted.equal?(value)
|
|
116
119
|
converted
|
|
117
120
|
end
|
|
118
121
|
|
|
@@ -334,6 +334,12 @@ class NestedParametersTest < ActiveSupport::TestCase
|
|
|
334
334
|
assert_equal "prop0", params[:properties]["0"]
|
|
335
335
|
end
|
|
336
336
|
|
|
337
|
+
test "fetch with a default value of a hash does not mutate the object" do
|
|
338
|
+
params = ActionController::Parameters.new({})
|
|
339
|
+
params.fetch :foo, {}
|
|
340
|
+
assert_equal nil, params[:foo]
|
|
341
|
+
end
|
|
342
|
+
|
|
337
343
|
test 'hashes in array values get wrapped' do
|
|
338
344
|
params = ActionController::Parameters.new(foo: [{}, {}])
|
|
339
345
|
params[:foo].each do |hash|
|
|
@@ -3,9 +3,16 @@ require 'action_controller/parameters'
|
|
|
3
3
|
|
|
4
4
|
class ParametersTaintTest < ActiveSupport::TestCase
|
|
5
5
|
setup do
|
|
6
|
-
@params = ActionController::Parameters.new(
|
|
7
|
-
:
|
|
8
|
-
|
|
6
|
+
@params = ActionController::Parameters.new(
|
|
7
|
+
person: {
|
|
8
|
+
age: '32',
|
|
9
|
+
name: {
|
|
10
|
+
first: 'David',
|
|
11
|
+
last: 'Heinemeier Hansson'
|
|
12
|
+
},
|
|
13
|
+
addresses: [{city: 'Chicago', state: 'Illinois'}]
|
|
14
|
+
}
|
|
15
|
+
)
|
|
9
16
|
end
|
|
10
17
|
|
|
11
18
|
test "fetch raises ParameterMissing exception" do
|
|
@@ -89,5 +96,6 @@ class ParametersTaintTest < ActiveSupport::TestCase
|
|
|
89
96
|
assert @params.permitted?
|
|
90
97
|
assert @params[:person].permitted?
|
|
91
98
|
assert @params[:person][:name].permitted?
|
|
99
|
+
assert @params[:person][:addresses][0].permitted?
|
|
92
100
|
end
|
|
93
101
|
end
|
metadata
CHANGED
|
@@ -1,15 +1,29 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: strong_parameters
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.2.
|
|
4
|
+
version: 0.2.3
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- David Heinemeier Hansson
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2014-01-20 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
|
+
- !ruby/object:Gem::Dependency
|
|
14
|
+
name: activesupport
|
|
15
|
+
requirement: !ruby/object:Gem::Requirement
|
|
16
|
+
requirements:
|
|
17
|
+
- - ~>
|
|
18
|
+
- !ruby/object:Gem::Version
|
|
19
|
+
version: '3.0'
|
|
20
|
+
type: :runtime
|
|
21
|
+
prerelease: false
|
|
22
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
23
|
+
requirements:
|
|
24
|
+
- - ~>
|
|
25
|
+
- !ruby/object:Gem::Version
|
|
26
|
+
version: '3.0'
|
|
13
27
|
- !ruby/object:Gem::Dependency
|
|
14
28
|
name: actionpack
|
|
15
29
|
requirement: !ruby/object:Gem::Requirement
|