Stricter parameter handling avoiding unexpected conversion/types #63
Codecov Report
All modified and coverable lines are covered by tests ✅
Additional details and impacted files
@@ Coverage Diff @@
## main #63 +/- ##
==========================================
+ Coverage 95.11% 95.15% +0.03%
==========================================
Files 20 20
Lines 635 640 +5
==========================================
+ Hits 604 609 +5
Misses 31 31
| # concatenation any Array to "a/b/c". Instead, we want to check | ||
| # one level of basic types only. | ||
| if value.is_a?(Array) | ||
| return nesting ? value.map {|val| convert_param(val) } : value |
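Review bot: The recursive `convert_param(val)` call inside the `value.map` block does not forward a `nesting` argument, so the inner elements are converted with whatever default that parameter has, while the comment above asks for one level of basic types only. Pass the flag explicitly for the inner call (`nesting: false`, as raised in the thread) and add a test with an array inside an array so the one-level limit is pinned down.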
Were you meaning to pass nesting: false here? 🤔
What is supposed to happen on the second iteration?
Ah, it also raises. Fun.
Yes. The idea is not to reject stuff here, but only sprinkle enough #to_param to cover the most important Rails cases 😬.
> Were you meaning to pass nesting: false here? 🤔
Yes, fixed. 🙏
1399989 to c22106c
Restify checked every param if it responds to to_param, and calls it,
before passing values to Addressable::Template. Since Rails patches
to_param into anything, that resulted in accepting virtually anything
somehow into params.
For example, any Array was encoded as a slash-delimited string of the
individual values ([1,2] -> "1/2"), which not only could result in
confusing things accidentally passed as params, but also made it
impossible to pass a parameter multiple times (a: [1, 2] -> "a=1&a=2").
This commit takes the basic type detection from Addressable::Template
and tries to only apply to_param, which addressable does not support at
all, for non-basic types. Therefore, arrays and hashes should behave
similarly to when passed directly to Addressable::Template, but it will
still be possible to e.g. pass an ActiveRecord model as a parameter,
using #to_param.
This makes passing standard and Rails-style argument lists possible:
expand(p: [1, 2]) -> "/?p=1&p=2"
expand('p[]': [1, 2]) -> "/?p%5B%5D=1&p%5B%5D=2"
Fixes #44
c22106c to 58aab5c
Restify checked every parameter if it responds to #to_param, and calls that, before passing values to Addressable::Template. Since Rails patches #to_param into anything, that resulted in accepting virtually anything somehow as a parameter.
For example, any Array was encoded as a slash-delimited string of the individual values ([1,2] -> "1/2"). That not only could result in confusing things accidentally passed as params, but also made it impossible to pass a parameter multiple times (a: [1, 2] -> "a=1&a=2").
This pull request takes the basic type detection from Addressable::Template and tries to only apply #to_param, which addressable does not support at all, for non-basic types. Therefore, arrays and hashes should behave similarly to when passed directly to Addressable::Template, but it will still be possible to e.g. pass an ActiveRecord model as a parameter, using #to_param.
This makes passing standard and Rails-style argument lists possible:
Fixes #44
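The conversion rule described in this pull request, as an added Ruby example that is not Restify's own code: it contrasts the old "anything with #to_param" path with a type-checked one and builds the query string with the standard library's URI module in place of Addressable::Template. `BASIC_TYPES`, `Model`, `legacy_convert` and `expand_query` are hypothetical names, the "/" join imitates Rails' Array#to_param, raising TypeError on nested arrays is this example's choice, and hashes are left out.

```ruby
require 'uri'

# Assumed list of "basic" scalar types for this example.
BASIC_TYPES = [String, Symbol, Numeric, TrueClass, FalseClass, NilClass].freeze

# Hypothetical stand-in for an ActiveRecord model; only #to_param matters.
Model = Struct.new(:id) do
  def to_param
    id.to_s
  end
end

# Constructed imitation of the old behaviour under Rails, where
# Array#to_param joins the elements with "/".
def legacy_convert(value)
  value.is_a?(Array) ? value.map { |v| legacy_convert(v) }.join('/') : value.to_s
end

# Strict conversion: scalars pass through, arrays are checked one level
# deep, other objects must opt in via #to_param, everything else raises.
def convert_param(value, nesting: true)
  return value if BASIC_TYPES.any? { |type| value.is_a?(type) }

  if value.is_a?(Array)
    raise TypeError, 'nested arrays are not accepted' unless nesting
    return value.map { |val| convert_param(val, nesting: false) }
  end

  return value.to_param if value.respond_to?(:to_param)

  raise TypeError, "cannot use #{value.class} as a parameter"
end

# Minimal query builder: an array value repeats the key (a=1&a=2).
def expand_query(params, converter = method(:convert_param))
  pairs = params.flat_map do |key, value|
    converted = converter.call(value)
    (converted.is_a?(Array) ? converted : [converted]).map do |val|
      "#{URI.encode_www_form_component(key)}=#{URI.encode_www_form_component(val)}"
    end
  end
  "/?#{pairs.join('&')}"
end
```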