kotovalexarian-likes-github/rails--rails
1
0
Fork 0
mirror of https://github.com/rails/rails.git synced 2022-11-09 12:12:34 -05:00
Code Releases Activity

params.permitted? is false by default

Browse source 
In the docs: "+permit_all_parameters+ - If it's +true+, all the parameters will
be permitted by default. The default is +false+."
This commit is contained in:
Jon Moss 2016-06-22 14:34:30 -04:00
parent abec128cb5
commit 19eec52297
2 changed files with 8 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
actionpack/lib/action_controller/metal/strong_parameters.rb
View file

@ -106,6 +106,8 @@ module ActionController
# params["key"] # => "value"
class Parameters
cattr_accessor :permit_all_parameters, instance_accessor: false
self.permit_all_parameters = false
cattr_accessor :action_on_unpermitted_parameters, instance_accessor: false
delegate :keys, :key?, :has_key?, :values, :has_value?, :value?, :empty?, :include?,

6
actionpack/test/controller/parameters/parameters_permit_test.rb
View file

@ -369,4 +369,10 @@ class ParametersPermitTest < ActiveSupport::TestCase
refute params.permit(foo: [:bar]).has_key?(:foo)
refute params.permit(foo: :bar).has_key?(:foo)
end
test '#permitted? is false by default' do
params = ActionController::Parameters.new
assert_equal false, params.permitted?
end
end