Raise if resource custom params contain colons
After this change it's not possible anymore to configure routes like this: routes.draw do resources :users, param: "name/:sneaky" end Fixes #30467.
This commit is contained in:
parent
08a435fa8c
commit
25f2e0c39d
@ -1,3 +1,18 @@
|
||||
* Raise an `ArgumentError` if a resource custom param contains a colon (`:`).
|
||||
|
||||
After this change it's not possible anymore to configure routes like this:
|
||||
|
||||
```
|
||||
routes.draw do
|
||||
resources :users, param: 'name/:sneaky'
|
||||
end
|
||||
```
|
||||
|
||||
Fixes #30467.
|
||||
|
||||
*Josua Schmid*
|
||||
|
||||
|
||||
## Rails 6.0.0.beta3 (March 11, 2019) ##
|
||||
|
||||
* No changes.
|
||||
|
@ -1141,6 +1141,10 @@ class Resource #:nodoc:
|
||||
attr_reader :controller, :path, :param
|
||||
|
||||
def initialize(entities, api_only, shallow, options = {})
|
||||
if options[:param].to_s.include?(":")
|
||||
raise ArgumentError, ":param option can't contain colons"
|
||||
end
|
||||
|
||||
@name = entities.to_s
|
||||
@path = (options[:path] || @name).to_s
|
||||
@controller = (options[:controller] || @name).to_s
|
||||
|
@ -3338,6 +3338,16 @@ def test_shallow_custom_param
|
||||
assert_equal "0c0c0b68-d24b-11e1-a861-001ff3fffe6f", @request.params[:download]
|
||||
end
|
||||
|
||||
def test_colon_containing_custom_param
|
||||
ex = assert_raises(ArgumentError) {
|
||||
draw do
|
||||
resources :profiles, param: "username/:is_admin"
|
||||
end
|
||||
}
|
||||
|
||||
assert_match(/:param option can't contain colon/, ex.message)
|
||||
end
|
||||
|
||||
def test_action_from_path_is_not_frozen
|
||||
draw do
|
||||
get "search" => "search"
|
||||
|
Loading…
Reference in New Issue
Block a user