Allow regular expressions to avoid string conversion for parameter

filtering.
2022-11-09 12:18:31 -05:00 · 2011-12-14 10:41:24 -06:00 · 2011-12-14 10:41:24 -06:00 · c9becd3ea1
commit c9becd3ea1
parent 5a245b3d55
2 changed files with 7 additions and 1 deletions
--- a/lib/devise/param_filter.rb
+++ b/lib/devise/param_filter.rb
@ -35,7 +35,7 @@ module Devise

    # Determine which values should be transformed to string or passed as-is to the query builder underneath
    def param_requires_string_conversion?(value)
-      true unless value.is_a?(TrueClass) || value.is_a?(FalseClass) || value.is_a?(Fixnum)
+      [Fixnum, TrueClass, FalseClass, Regexp].none? {|clz| value.is_a? clz }
    end
  end
 end
--- a/test/models/database_authenticatable_test.rb
+++ b/test/models/database_authenticatable_test.rb
@ -28,6 +28,12 @@ class DatabaseAuthenticatableTest < ActiveSupport::TestCase
    assert_equal( { 'login' => 'foo@bar.com', "bool1" => true, "bool2" => false, "fixnum" => 123, "will_be_converted" => "1..10" }, conditions)
  end

+  test "param filter should not convert regular expressions to strings" do
+    conditions = { "regexp" => /expression/ }
+    conditions = Devise::ParamFilter.new([], []).filter(conditions)
+    assert_equal( { "regexp" => /expression/ }, conditions)
+  end
+
  test 'should respond to password and password confirmation' do
    user = new_user
    assert user.respond_to?(:password)