From 5923ee6fe04500ce46f7fc8fff6aafcfd64e68db Mon Sep 17 00:00:00 2001 From: Godfrey Chan Date: Fri, 19 Dec 2014 01:14:26 -0800 Subject: [PATCH] Revert "Merge pull request #18003 from sikachu/permit_all_parameters-thread-safety" This reverts commit da5cc10e945552da54234f858470238a3fc36767. Fixes #18091 See also https://github.com/rails/rails/pull/18003#commitcomment-9030909 --- .../metal/strong_parameters.rb | 17 ++++++----------- 1 file changed, 6 insertions(+), 11 deletions(-) diff --git a/actionpack/lib/action_controller/metal/strong_parameters.rb b/actionpack/lib/action_controller/metal/strong_parameters.rb index f08c84de5b..01bbd749c1 100644 --- a/actionpack/lib/action_controller/metal/strong_parameters.rb +++ b/actionpack/lib/action_controller/metal/strong_parameters.rb @@ -92,7 +92,11 @@ module ActionController # params.permit(:c) # # => ActionController::UnpermittedParameters: found unpermitted keys: a, b # - # ActionController::Parameters is inherited from + # Please note that these options *are not thread-safe*. In a multi-threaded + # environment they should only be set once at boot-time and never mutated at + # runtime. + # + # ActionController::Parameters inherits from # ActiveSupport::HashWithIndifferentAccess, this means # that you can fetch values using either :key or "key". # @@ -100,6 +104,7 @@ module ActionController # params[:key] # => "value" # params["key"] # => "value" class Parameters < ActiveSupport::HashWithIndifferentAccess + cattr_accessor :permit_all_parameters, instance_accessor: false cattr_accessor :action_on_unpermitted_parameters, instance_accessor: false # By default, never raise an UnpermittedParameters exception if these @@ -122,16 +127,6 @@ module ActionController always_permitted_parameters end - # Returns the value of +permit_all_parameters+. - def self.permit_all_parameters - Thread.current[:action_controller_permit_all_parameters] - end - - # Sets the value of +permit_all_parameters+. - def self.permit_all_parameters=(value) - Thread.current[:action_controller_permit_all_parameters] = value - end - # Returns a new instance of ActionController::Parameters. # Also, sets the +permitted+ attribute to the default value of # ActionController::Parameters.permit_all_parameters.