- 28 8月, 2015 2 次提交
-
-
由 Xavier Noria 提交于
* A string in the example lacked quotes. * The tests asserted stuff about :last_name, whereas test params do not have that key. * But, the first one passed, why? After hitting my head against the wall and doing some obscure rituals realized the new #require had an important typo, wanted to iterate over the array argument (key), but it ran over its own hash keys (method #keys). * Modified the test to prevent the same typo to happen again. * The second test assigned to an unused variable safe_params that has been therefore removed. * Grammar of the second test description. * Since I was on it, reworded both test descriptions.
-
由 Gaurish Sharma 提交于
This PR adds ability to accept arrays which allows you to require multiple values in one method. so instead of this: ```ruby params.require(:person).require(:first_name) params.require(:person).require(:last_name) ``` Here it will be one line for each params, so say if I require 10params, it will be 10lines of repeated code which is not dry. So I have added new method which does this in one line: ```ruby params.require(:person).require([:first_name, :last_name]) ``` Comments welcome
-
- 17 8月, 2015 1 次提交
-
-
由 Jon Atack 提交于
-
- 22 7月, 2015 2 次提交
-
-
由 Aaron Patterson 提交于
there is no reason to `convert_hashes_to_parameters` with an assignemt flag. The caller knows whether or not it wants the value assigned. We should just change the uncommon case (not writing to the underlying hash) to just call the conversion method and return that value.
-
由 Aaron Patterson 提交于
only hashes are converted to parameter objects, so lets add a branch for them. This also removes a is_a? test for Parameters so we can be abstracted from the class.
-
- 19 7月, 2015 1 次提交
-
-
由 Roque Pinel 提交于
When executing an `ActionController::Parameters#fetch` with a block that raises a `KeyError` the raised `KeyError` will be rescued and converted to an `ActionController::ParameterMissing` exception, covering up the original exception. [Jonas Schubert Erlandsson & Roque Pinel]
-
- 18 7月, 2015 7 次提交
-
-
由 Aaron Patterson 提交于
this way we don't need to call `to_unsafe_h` to get access to ask questions about the underlying hash
-
由 Aaron Patterson 提交于
now `hash_filter` doesn't need to know about the `Parameters` class
-
由 Aaron Patterson 提交于
Since we proved that `element` is always of type `Parameter`, we know that it will always respond to `permit`, so lets remove this conditional
-
由 Aaron Patterson 提交于
`element` can never be a hash because: 1. `slice` returns a Parameters object and calls each on it: https://github.com/rails/rails/blob/cb3f25593b1137e344086364d4b1a52c08e8eb3b/actionpack/lib/action_controller/metal/strong_parameters.rb#L656 2. `each` which is implemented by `each_pair` will call `convert_hashes_to_parameters` on the value: https://github.com/rails/rails/blob/cb3f25593b1137e344086364d4b1a52c08e8eb3b/actionpack/lib/action_controller/metal/strong_parameters.rb#L192-197 3. `convert_hashes_to_parameters` will convert any hash objects in to parameters objects: https://github.com/rails/rails/blob/cb3f25593b1137e344086364d4b1a52c08e8eb3b/actionpack/lib/action_controller/metal/strong_parameters.rb#L550-566
-
由 Aaron Patterson 提交于
Now that the value is cached on the stack, `array_of_permitted_scalars_filter` is exactly the same as `array_of_permitted_scalars?`, so lets just have one
-
由 Aaron Patterson 提交于
this way the method doesn't have to know what the new params object is, it just yields to a block. This change also caches the value of `self[key]` on the stack
-
由 Aaron Patterson 提交于
We should disconnect `array_of_permitted_scalars_filter` from the instance so that we can make hash filtering functional. For now, pull the conditional up out of that method
-
- 16 7月, 2015 2 次提交
-
-
由 Zoltan Kiss 提交于
`ActionController::Parameters#to_h` returns a hash, so lets have `ActionController::Parameters#to_unsafe_h` return a hash instead of an `ActiveSupport::HashWithIndifferentAccess` for consistency.
-
由 Prem Sichanugrist 提交于
-
- 15 7月, 2015 1 次提交
-
-
由 Prem Sichanugrist 提交于
This is another take at #14384 as we decided to wait until `master` is targeting Rails 5.0. This commit is implementation-complete, as it guarantees that all the public methods on the hash-inherited Parameters are still working (based on test case). We can decide to follow-up later if we want to remove some methods out from Parameters.
-
- 22 6月, 2015 2 次提交
-
-
由 Mehmet Emin İNAÇ 提交于
-
由 Mehmet Emin İNAÇ 提交于
-
- 06 4月, 2015 1 次提交
-
-
由 Michael Josephson 提交于
-
- 28 3月, 2015 1 次提交
-
-
由 Shuhei Kagawa 提交于
The current implementation of ActionController::Parameters.const_missing returns `ActionController::Parameters.always_permitted_parameters` even if its `super` returns a constant without raising error. This prevents its subclass in a autoloading module/class from taking advantage of autoloading constants. class SomeParameters < ActionController::Parameters def do_something DefinedSomewhere.do_something end end In the code above, `DefinedSomewhere` is to be autoloaded with `Module.const_missing` but `ActionController::Parameters.const_missing` returns `always_permitted_parameters` instead of the autoloaded constant. This pull request fixes the issue respecting `const_missing`'s `super`.
-
- 28 2月, 2015 1 次提交
-
-
由 Vipul A M 提交于
Removed non-standard and unused require 'active_support/deprecation' from parts out of active_support.
-
- 19 12月, 2014 1 次提交
-
-
由 Godfrey Chan 提交于
This reverts commit da5cc10e. Fixes #18091 See also https://github.com/rails/rails/pull/18003#commitcomment-9030909
-
- 12 12月, 2014 2 次提交
-
-
由 Prem Sichanugrist 提交于
As suggested in #16299([1]), this method should be a new public API for retrieving unfiltered parameters from `ActionController::Parameters` object, given that `Parameters#to_hash` will no longer work in Rails 5.0+ as we stop inheriting `Parameters` from `Hash`. [1]: https://github.com/rails/rails/pull/16299#issuecomment-50220919
-
由 Prem Sichanugrist 提交于
As discussed in #16299[1], this attribute is not thread safe and could potentially create a security issue. [1]: https://github.com/rails/rails/pull/16299#discussion_r15424533
-
- 29 10月, 2014 1 次提交
-
-
由 Xavier Noria 提交于
The current style for warning messages without newlines uses concatenation of string literals with manual trailing spaces where needed. Heredocs have better readability, and with `squish` we can still produce a single line. This is a similar use case to the one that motivated defining `strip_heredoc`, heredocs are super clean.
-
- 19 8月, 2014 5 次提交
-
-
由 Prem Sichanugrist 提交于
Ruby 1.9.3 does not implement Hash#to_h, so we can't call `super` on it.
-
由 Prem Sichanugrist 提交于
* `each` * `each_pair` * `delete` * `select!`
-
由 Prem Sichanugrist 提交于
-
由 Prem Sichanugrist 提交于
This is to make sure that `permitted` status is maintained on the resulting object. I found these methods that needs to be redefined by looking for `self.class.new` in the code. * extract! * transform_keys * transform_values
-
由 Prem Sichanugrist 提交于
`ActionController::Parameters#to_h` now returns a `Hash` with unpermitted keys removed. This change is to reflect on a security concern where some method performed on an `ActionController::Parameters` may yield a `Hash` object which does not maintain `permitted?` status. If you would like to get a `Hash` with all the keys intact, duplicate and mark it as permitted before calling `#to_h`. params = ActionController::Parameters.new(name: 'Senjougahara Hitagi') params.to_h # => {} unsafe_params = params.dup.permit! unsafe_params.to_h # => {"name"=>"Senjougahara Hitagi"} safe_params = params.permit(:name) safe_params.to_h # => {"name"=>"Senjougahara Hitagi"} This change is consider a stopgap as we cannot chage the code to stop `ActionController::Parameters` to inherit from `HashWithIndifferentAccess` in the next minor release. Also, adding a CHANGELOG entry to mention that `ActionController::Parameters` will not inheriting from `HashWithIndifferentAccess` in the next major version.
-
- 28 6月, 2014 1 次提交
-
-
由 Rafael Chacón 提交于
* General style fixes. * Add changes to configuration guide. * Add missing tests.
-
- 27 6月, 2014 1 次提交
-
-
由 Rafael Chacón 提交于
* This commit adds back the always_permitted_parameters configuration option to strong paramaters. * The initial pull requests where this feature was added are the following: - https://github.com/rails/rails/pull/12682 - https://github.com/rails/strong_parameters/pull/174
-
- 14 6月, 2014 1 次提交
-
-
由 Sergio Romano 提交于
Fixes #15685.
-
- 07 6月, 2014 2 次提交
-
-
由 Xavier Noria 提交于
-
由 Xavier Noria 提交于
We cannot cache keys because arrays are mutable. We rather want to cache the arrays. This behaviour is tailor-made for the usage pattern strongs params is designed for. In a forthcoming commit I am going to add a test that covers why we need to cache by value. Every strong params instance has a live span of a request, the cache goes away with the object. Since strong params have such a concrete intention, it would be interesting to see if there are actually any real-world use cases that are an actual leak, one that practically may matter. I am not convinced that the theoretical leak has any practical consequences, but if it can be shown there are, then I believe we should either get rid of the cache (which is an optimization), or else wipe it in the mutating API. This reverts commit e63be276.
-
- 06 6月, 2014 1 次提交
-
-
由 Corey Ward 提交于
Per convention, underscore-only argument names should be used for unused parameters.
-
- 04 6月, 2014 1 次提交
-
-
由 Ryan Davis 提交于
memory leak demonstrated on @tenderlove's latest blog post: http://tenderlovemaking.com/2014/06/02/yagni-methods-are-killing-me.html
-
- 31 3月, 2014 1 次提交
-
-
由 Ian C. Anderson 提交于
- accepts_nested_attribute_for -> accepts_nested_attributes_for
-
- 24 2月, 2014 1 次提交
-
-
由 Serj L 提交于
Simple Sungularize ActionController::UnpermittedParameters error in case when only 1 parameter is unpermitted.
-
- 24 12月, 2013 1 次提交
-
-
由 Xavier Noria 提交于
-