Last active
October 12, 2018 12:22
Strong Params bugs
# Strong params tries to require all the files they depend on.
# This way you can require strong params itself, without having the entire world loaded
`gem which action_controller/metal/strong_parameters | xargs ruby -ne 'print if /^require/'`
# => "require \"active_support/core_ext/hash/indifferent_access\"\n" +
#    "require \"active_support/core_ext/hash/transform_values\"\n" +
#    "require \"active_support/core_ext/array/wrap\"\n" +
#    "require \"active_support/core_ext/string/filters\"\n" +
#    "require \"active_support/core_ext/object/to_query\"\n" +
#    "require \"active_support/rescuable\"\n" +
#    "require \"action_dispatch/http/upload\"\n" +
#    "require \"rack/test\"\n" +
#    "require \"stringio\"\n" +
#    "require \"set\"\n" +
#    "require \"yaml\"\n"

# However, they missed at least 2 files. We see the first one when we try to require it:
# they forgot to require the file that defines cattr_accessor
require 'action_controller/metal/strong_parameters' rescue $!.message # => "undefined method `cattr_accessor' for ActionController::Parameters:Class\nDid you mean? attr_accessor"

# Okay then, we'll do that ourselves
require 'active_support/core_ext/module/attribute_accessors' # => true

# Now we can require strong params
require 'action_controller/metal/strong_parameters' # => true

# Now we see the second one:
# they forgot to require the file that defines #present?
ActionController::Parameters.new(a: {b: 'c'}).require(:a) rescue $!.message # => "undefined method `present?' for <ActionController::Parameters {\"b\"=>\"c\"} permitted: false>:ActionController::Parameters"

# Okay then, we'll do that ourselves
require 'active_support/core_ext/object/blank' # => true

# Now we can use the ActionController::Parameters#require
ActionController::Parameters.new(a: {b: 'c'}).require(:a) # => <ActionController::Parameters {"b"=>"c"} permitted: false>

# There might be others as well, these are the only 2 I found during my exploration
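
The manual procedure above (require the file alone, read the error, add the missing require, repeat) can be scripted by loading the file in a fresh interpreter each time. This is an added example, not code from the gist or from Rails; the `toy/*` files, `ToyParams`, `isolated_load_error` and `audit_toy_library` are hypothetical names, and the toy library is constructed so the script runs without Rails installed.

```ruby
require 'fileutils'
require 'open3'
require 'rbconfig'
require 'tmpdir'

# Constructed stand-in library: params.rb uses two helpers it never requires,
# one while the class body loads and one only when a method is called.
TOY_FILES = {
  'toy/macros.rb' => "class Module; def toy_accessor(n); attr_accessor(n); end; end\n",
  'toy/blank.rb'  => "class Object; def toy_present?; !nil? && self != ''; end; end\n",
  'toy/params.rb' => <<~RUBY
    class ToyParams
      toy_accessor :strict                  # needs toy/macros at load time
      def initialize(hash); @hash = hash; end
      def fetch!(key)                       # needs toy/blank at call time
        value = @hash[key]
        value.toy_present? ? value : raise(KeyError, key.to_s)
      end
    end
  RUBY
}.freeze

# Require `feature` in a fresh interpreter after `prelude`, then run `smoke`.
# Returns nil when everything works, otherwise "ErrorClass: first message line".
def isolated_load_error(dir, feature, smoke:, prelude: [])
  requires = (prelude + [feature]).map { |f| "require #{f.inspect}" }.join("\n")
  script = "begin\n#{requires}\n#{smoke}\n" \
           "rescue ScriptError, StandardError => e\n" \
           "  puts \"\#{e.class}: \#{e.message.lines.first.to_s.chomp}\"\n  exit 1\nend\n"
  env = { 'RUBYOPT' => nil } # keep the parent's preloads out of the child process
  out, _err, status = Open3.capture3(env, RbConfig.ruby, '--disable-gems', '-I', dir, '-e', script)
  status.success? ? nil : out.strip
end

# Add one prelude at a time and record what still breaks, as the gist does by hand.
def audit_toy_library
  Dir.mktmpdir do |dir|
    TOY_FILES.each do |path, source|
      FileUtils.mkdir_p(File.dirname(File.join(dir, path)))
      File.write(File.join(dir, path), source)
    end
    smoke = "ToyParams.new(a: 'b').fetch!(:a)"
    [[], ['toy/macros'], ['toy/macros', 'toy/blank']].map do |prelude|
      isolated_load_error(dir, 'toy/params', smoke: smoke, prelude: prelude)
    end
  end
end

puts audit_toy_library.inspect if $PROGRAM_NAME == __FILE__
```

The smoke call matters: the second missing dependency only surfaces when the method that uses it runs, so a bare `require` check would report the file as fine.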