rails--rails/actionpack/CHANGELOG.md at a770d7e404f994d717843035eba9c1094a6e90d8

mirror of https://github.com/rails/rails.git synced 2022-11-09 12:12:34 -05:00

Chris Sinjakli 8f8ccb9901 Don't convert empty arrays to nils when deep munging params

2014-12-15 14:51:07 +00:00

Stop converting empty arrays in params to nil

This behaviour was introduced in response to CVE-2012-2660, CVE-2012-2694 and CVE-2013-0155

ActiveRecord now issues a safe query when passing an empty array into a where clause, so there is no longer a need to defend against this type of input (any nils are still stripped from the array).

Chris Sinjakli
Fixed usage of optional scopes in URL helpers.

Alex Robbin
Fixed handling of positional url helper arguments when format: false.

Fixes #17819.

Andrew White, Tatiana Soukiassian

Please check 4-2-stable for previous changes.