Commit 1aaf4490
Authored August 30, 2012
Author: Guillermo Iguaran
Add config.action_controller.permit_all_attributes to bypass StrongParameters protection
Parent 1e1bee3a
Showing 5 changed files with 43 additions and 1 deletion
actionpack/lib/action_controller.rb +1 -0
actionpack/lib/action_controller/metal/strong_parameters.rb +2 -1
actionpack/lib/action_controller/railtie.rb +4 -0
actionpack/test/controller/parameters/parameters_permit_test.rb +14 -0
railties/test/application/configuration_test.rb +22 -0
actionpack/lib/action_controller.rb
...
...
@@ -2,6 +2,7 @@
require
'abstract_controller'
require
'action_dispatch'
require
'action_controller/metal/live'
require
'action_controller/metal/strong_parameters'
module
ActionController
extend
ActiveSupport
::
Autoload
...
...
actionpack/lib/action_controller/metal/strong_parameters.rb
...
...
@@ -13,12 +13,13 @@ def initialize(param)
end
class
Parameters
<
ActiveSupport
::
HashWithIndifferentAccess
cattr_accessor
:permit_all_parameters
,
instance_accessor:
false
attr_accessor
:permitted
alias
:permitted?
:permitted
def
initialize
(
attributes
=
nil
)
super
(
attributes
)
@permitted
=
false
@permitted
=
self
.
class
.
permit_all_parameters
end
def
permit!
...
...
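Review bot: In `initialize`, `@permitted = self.class.permit_all_parameters` copies the class-level value as-is, so `permitted?` returns nil rather than false whenever the accessor was never assigned or holds nil. Coerce it (`@permitted = !!self.class.permit_all_parameters`) or give the accessor an explicit false default next to its declaration. The `cattr_accessor :permit_all_parameters` line also introduces process-wide state that switches off the permit check for every newly built Parameters object, and nothing in this class documents that; a comment on the declaration stating the effect and that it bypasses StrongParameters would help anyone auditing mass-assignment handling.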
actionpack/lib/action_controller/railtie.rb
...
...
@@ -19,6 +19,10 @@ class Railtie < Rails::Railtie #:nodoc:
ActionController
::
Helpers
.
helpers_path
=
app
.
helpers_paths
end
initializer
"action_controller.parameters_config"
do
|
app
|
ActionController
::
Parameters
.
permit_all_parameters
=
app
.
config
.
action_controller
.
delete
(
:permit_all_parameters
)
end
initializer
"action_controller.set_configs"
do
|
app
|
paths
=
app
.
config
.
paths
options
=
app
.
config
.
action_controller
...
...
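Review bot: The new initializer reads `:permit_all_parameters`, while the commit title announces `config.action_controller.permit_all_attributes`; one of the two names should be corrected so users set the option the code actually consumes. `delete(:permit_all_parameters)` returns nil when the option is unset, so consider `delete(:permit_all_parameters) { false }` to keep the flag a strict boolean. The `delete` also appears to depend on this initializer running before `action_controller.set_configs`, which reads the same `app.config.action_controller` options; a one-line comment stating that ordering dependency would keep it from being reordered by accident.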
actionpack/test/controller/parameters/parameters_permit_test.rb
...
...
@@ -56,4 +56,18 @@ class ParametersPermitTest < ActiveSupport::TestCase
@params
.
permit!
assert_equal
@params
.
permitted?
,
@params
.
dup
.
permitted?
end
test
"permitted takes a default value when Parameters.permit_all_parameters is set"
do
begin
ActionController
::
Parameters
.
permit_all_parameters
=
true
params
=
ActionController
::
Parameters
.
new
({
person:
{
age:
"32"
,
name:
{
first:
"David"
,
last:
"Heinemeier Hansson"
}
}})
assert
params
.
slice
(
:person
).
permitted?
assert
params
[
:person
][
:name
].
permitted?
ensure
ActionController
::
Parameters
.
permit_all_parameters
=
false
end
end
end
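Review bot: The `ensure` block resets `ActionController::Parameters.permit_all_parameters` to a hard-coded `false` instead of the value it held before the test; capture the previous value before setting it to `true` and restore that, so the test does not change global state for a suite run under a different setting. The test also covers only the enabled case. If no existing test does so, add one asserting that a fresh `ActionController::Parameters.new(...)` and its nested hashes are not permitted while the flag is false, since that is the default the protection relies on.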
railties/test/application/configuration_test.rb
...
...
@@ -560,6 +560,28 @@ def create
assert_equal
'{"title"=>"foo"}'
,
last_response
.
body
end
test
"config.action_controller.permit_all_parameters = true"
do
app_file
'app/controllers/posts_controller.rb'
,
<<-
RUBY
class PostsController < ActionController::Base
def create
render :text => params[:post].permitted? ? "permitted" : "forbidden"
end
end
RUBY
add_to_config
<<-
RUBY
routes.prepend do
resources :posts
end
config.action_controller.permit_all_parameters = true
RUBY
require
"
#{
app_path
}
/config/environment"
post
"/posts"
,
{
:post
=>
{
"title"
=>
"zomg"
}}
assert_equal
'permitted'
,
last_response
.
body
end
test
"config.action_dispatch.ignore_accept_header"
do
make_basic_app
do
|
app
|
app
.
config
.
action_dispatch
.
ignore_accept_header
=
true
...
...
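Review bot: The added test asserts only the `config.action_controller.permit_all_parameters = true` path, which is the one that disables the protection. Add a companion test that leaves the option unset, posts the same `{:post => {"title" => "zomg"}}` body to `/posts`, and expects `'forbidden'`, so that a regression which permits parameters by default fails the suite.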