Merge pull request #40053 from composerinteralia/safe-yaml-config-for

Use deep_symbolize_keys instead of symbolize_names
2022-11-09 12:12:34 -05:00 · 2020-11-17 11:42:59 -05:00 · 2020-11-17 11:42:59 -05:00 · 000e2853fa
commit 000e2853fa
parent 1aa14a6776 be2fd61137
2 changed files with 14 additions and 1 deletions
--- a/railties/lib/rails/application.rb
+++ b/railties/lib/rails/application.rb
@ -243,7 +243,7 @@ module Rails

      if yaml.exist?
        require "erb"
-        all_configs    = ActiveSupport::ConfigurationFile.parse(yaml, symbolize_names: true)
+        all_configs    = ActiveSupport::ConfigurationFile.parse(yaml).deep_symbolize_keys
        config, shared = all_configs[env.to_sym], all_configs[:shared]

        if config.is_a?(Hash)
--- a/railties/test/application/configuration_test.rb
+++ b/railties/test/application/configuration_test.rb
@ -2129,6 +2129,19 @@ module ApplicationTests
      assert_equal "unicorn", Rails.application.config.my_custom_config[:key]
    end

+    test "config_for handles YAML patches (like safe_yaml) that disable the symbolize_names option" do
+      app_file "config/custom.yml", <<~RUBY
+        development:
+          key: value
+      RUBY
+
+      app "development"
+
+      YAML.stub :load, { "development" => { "key" => "value" } } do
+        assert_equal({ key: "value" }, Rails.application.config_for(:custom))
+      end
+    end
+
    test "api_only is false by default" do
      app "development"
      assert_not Rails.application.config.api_only