1
0
Fork 0
mirror of https://github.com/rails/rails.git synced 2022-11-09 12:12:34 -05:00

Merge pull request #22903 from prathamesh-sonpatki/allow-ac-parameters-hash-as-an-argument-to-routes

Allow AC::Parameters as an argument to url_helpers
This commit is contained in:
Rafael França 2016-01-07 05:13:07 -02:00
commit 21dd85f1ee
3 changed files with 40 additions and 2 deletions

View file

@ -1,3 +1,11 @@
* Allow `ActionController::Parameters` instances as an argument to URL
helper methods. An `ArguemntError` will be raised if the passed parameters
are not secure.
Fixes #22832
*Prathamesh Sonpatki*
* Add option for per-form CSRF tokens.
*Ben Toews*

View file

@ -281,8 +281,17 @@ module ActionDispatch
helper = UrlHelper.create(route, opts, route_key, url_strategy)
mod.module_eval do
define_method(name) do |*args|
options = nil
options = args.pop if args.last.is_a? Hash
last = args.last
options = case last
when Hash
args.pop
when ActionController::Parameters
if last.permitted?
args.pop.to_h
else
raise ArgumentError, "Generating an URL from non sanitized request parameters is insecure!"
end
end
helper.call self, args, options
end
end

View file

@ -3578,6 +3578,27 @@ class TestRoutingMapper < ActionDispatch::IntegrationTest
assert_equal 'HEAD', @response.body
end
def test_passing_action_parameters_to_url_helpers_raises_error_if_parameters_are_not_permitted
draw do
root :to => 'projects#index'
end
params = ActionController::Parameters.new(id: '1')
assert_raises ArgumentError do
root_path(params)
end
end
def test_passing_action_parameters_to_url_helpers_is_allowed_if_parameters_are_permitted
draw do
root :to => 'projects#index'
end
params = ActionController::Parameters.new(id: '1')
params.permit!
assert_equal '/?id=1', root_path(params)
end
private
def draw(&block)