Filter scalar values when params permit hashes or arrays

This brings the behavior more inline with other similar cases, such as receiving a hash when an array of scalars was expected. Prior to this commit, the key would be present, but the value would be `nil`

Filter scalar values when params permit hashes or arrays
This brings the behavior more inline with other similar cases, such as receiving a hash when an array of scalars was expected. Prior to this commit, the key would be present, but the value would be `nil`
94a1edbc · Sean Griffin · b1f4c4bb · 94a1edbc · 94a1edbc
2 changed file
--- a/actionpack/lib/action_controller/metal/strong_parameters.rb
+++ b/actionpack/lib/action_controller/metal/strong_parameters.rb
@@ -756,6 +756,10 @@ def array_of_permitted_scalars?(value)
        end
      end

+      def non_scalar?(value)
+        value.is_a?(Array) || value.is_a?(Parameters)
+      end
+
      EMPTY_ARRAY = []
      def hash_filter(params, filter)
        filter = filter.with_indifferent_access
@@ -770,7 +774,7 @@ def hash_filter(params, filter)
            array_of_permitted_scalars?(self[key]) do |val|
              params[key] = val
            end
-          else
+          elsif non_scalar?(value)
            # Declaration { user: :name } or { user: [:name, :age, { address: ... }] }.
            params[key] = each_element(value) do |element|
              element.permit(*Array.wrap(filter[key]))

--- a/actionpack/test/controller/parameters/parameters_permit_test.rb
+++ b/actionpack/test/controller/parameters/parameters_permit_test.rb
@@ -360,4 +360,13 @@ def dup; @dupped = true; end
    assert @params.include? 'person'
    assert_not @params.include? :gorilla
  end
+
+  test "scalar values should be filtered when array or hash is specified" do
+    params = ActionController::Parameters.new(foo: "bar")
+
+    assert params.permit(:foo).has_key?(:foo)
+    refute params.permit(foo: []).has_key?(:foo)
+    refute params.permit(foo: [:bar]).has_key?(:foo)
+    refute params.permit(foo: :bar).has_key?(:foo)
+  end
 end