mirror of
https://github.com/rails/rails.git
synced 2022-11-09 12:12:34 -05:00
fd88ccc905
Before we returned either an empty hash or only the always permitted parameters (:controller and :action by default). The previous behavior was dangerous because in order to get the attributes users usually fallback to use to_unsafe_h that could potentially introduce security issues. The to_unsafe_h API is also not good since Parameters is a object that quacks like a Hash but not in all cases since to_h would return an empty hash and users were forced to check if to_unsafe_h is defined or if the instance is a ActionController::Parameters in order to work with it. This end up coupling a lot of libraries and parts of the application with something that is from the controller layer. |
||
|---|---|---|
| .. | ||
| abstract_controller | ||
| action_controller | ||
| action_dispatch | ||
| action_pack | ||
| abstract_controller.rb | ||
| action_controller.rb | ||
| action_dispatch.rb | ||
| action_pack.rb | ||