thr3ads.net - Rails core - [PATCH] Filtering parameters inside arrays when logging [Jun 2009]

If this information is useful, please help other people find it:
Share via:

Vicente Mundim

2009-Jun-26 17:45 UTC

[PATCH] Filtering parameters inside arrays when logging

Hi,

This is my first post here. I''ve stumbled upon this while creating an
application which makes use of nested forms. Basically, I have an
Account model which has many Users. When I create the account it
creates one User. The action receives parameters like:

:account => { :name => ''foo'', :users_attributes => [{
:login =>
''foo'', :password => ''secret'',
:password_confirmation => ''secret'' }] }

Since my controller has the following line:

filter_parameter_logging :password, :password_confirmation

I was expecting to see both password and password_confirmation
filtered, but they weren''t. Looking inside filter_parameter_logging I
understand that it didn''t treated arrays. I''ve made a patch,
but it
seems rails.lighthouseapp.com is down, so I''ll just post it here. The
patch contains changes to both code and tests. I''ve made it by
branching origin/2-3-stable.

Thanks

Here it is:

From 2d00dfe54911049a7b84814b5d630023694c1d3d Mon Sep 17 00:00:00 2001
From: Vicente Mundim <vicente.mundim@intelitiva.com>
Date: Fri, 26 Jun 2009 14:22:36 -0300
Subject: [PATCH] Filtering parameters inside arrays when logging

---
 actionpack/lib/action_controller/base.rb         |    4 ++++
 actionpack/test/controller/filter_params_test.rb |    4 +++-
 2 files changed, 7 insertions(+), 1 deletions(-)

diff --git a/actionpack/lib/action_controller/base.rb b/actionpack/lib/
action_controller/base.rb
index 95cf3e7..3c89fc8 100644
--- a/actionpack/lib/action_controller/base.rb
+++ b/actionpack/lib/action_controller/base.rb
@@ -491,6 +491,10 @@ module ActionController #:nodoc:
               filtered_parameters[key] = ''[FILTERED]''
             elsif value.is_a?(Hash)
               filtered_parameters[key] = filter_parameters(value)
+            elsif value.is_a?(Array)
+              filtered_parameters[key] = value.collect do |item|
+                filter_parameters(item)
+              end
             elsif block_given?
               key = key.dup
               value = value.dup if value
diff --git a/actionpack/test/controller/filter_params_test.rb b/
actionpack/test/controller/filter_params_test.rb
index 0b259a7..3bcf518 100644
--- a/actionpack/test/controller/filter_params_test.rb
+++ b/actionpack/test/controller/filter_params_test.rb
@@ -23,7 +23,9 @@ class FilterParamTest < Test::Unit::TestCase
     [{''foo''=>''bar'',
''bar''=>''foo''},{''foo''=>''[FILTERED]'',
''bar''=>''foo''},
%w''foo baz''],
     [{''foo''=>''bar'',
''baz''=>''foo''},{''foo''=>''[FILTERED]'',
''baz''=>''[FILTERED]''},%w''foo
baz''],
    
[{''bar''=>{''foo''=>''bar'',''bar''=>''foo''}},{''bar''=>
{''foo''=>''[FILTERED]'',''bar''=>''foo''}},%w''fo''],
-   
[{''foo''=>{''foo''=>''bar'',''bar''=>''foo''}},{''foo''=>''[FILTERED]''},%w''f
banana'']]
+   
[{''foo''=>{''foo''=>''bar'',''bar''=>''foo''}},{''foo''=>''[FILTERED]''},%w''f
banana''],
+   
[{''bar''=>[{''foo''=>''bar'',''bar''=>''foo''}]},{''bar''=>
[{''foo''=>''[FILTERED]'',''bar''=>''foo''}]},%w''fo''],
+   
[{''foo''=>[{''foo''=>''bar'',''bar''=>''foo''}]},{''foo''=>''[FILTERED]''},
%w''f banana'']]

     test_hashes.each do |before_filter, after_filter, filter_words|
       FilterParamController.filter_parameter_logging(*filter_words)
--
1.5.6.3

Vicente Mundim

2009-Jun-29 13:01 UTC

head link

Re: Filtering parameters inside arrays when logging

Just added a ticket in lighthouse:

https://rails.lighthouseapp.com/projects/8994-ruby-on-rails/tickets/2851-filtering-parameters-inside-arrays-when-logging

I couldn''t do it earlier because it was down on Friday.

On Jun 26, 2:45 pm, Vicente Mundim <vicente.mun...@gmail.com>
wrote:> Hi,
>
> This is my first post here. I''ve stumbled upon this while creating
an
> application which makes use of nested forms. Basically, I have an
> Account model which has many Users. When I create the account it
> creates one User. The action receives parameters like:
>
> :account => { :name => ''foo'', :users_attributes
=> [{ :login =>
> ''foo'', :password => ''secret'',
:password_confirmation => ''secret'' }] }
>
> Since my controller has the following line:
>
> filter_parameter_logging :password, :password_confirmation
>
> I was expecting to see both password and password_confirmation
> filtered, but they weren''t. Looking inside
filter_parameter_logging I
> understand that it didn''t treated arrays. I''ve made a
patch, but it
> seems rails.lighthouseapp.com is down, so I''ll just post it here.
The
> patch contains changes to both code and tests. I''ve made it by
> branching origin/2-3-stable.
>
> Thanks
>
> Here it is:
>
> From 2d00dfe54911049a7b84814b5d630023694c1d3d Mon Sep 17 00:00:00 2001
> From: Vicente Mundim <vicente.mun...@intelitiva.com>
> Date: Fri, 26 Jun 2009 14:22:36 -0300
> Subject: [PATCH] Filtering parameters inside arrays when logging
>
> ---
>  actionpack/lib/action_controller/base.rb         |    4 ++++
>  actionpack/test/controller/filter_params_test.rb |    4 +++-
>  2 files changed, 7 insertions(+), 1 deletions(-)
>
> diff --git a/actionpack/lib/action_controller/base.rb b/actionpack/lib/
> action_controller/base.rb
> index 95cf3e7..3c89fc8 100644
> --- a/actionpack/lib/action_controller/base.rb
> +++ b/actionpack/lib/action_controller/base.rb
> @@ -491,6 +491,10 @@ module ActionController #:nodoc:
>                filtered_parameters[key] = ''[FILTERED]''
>              elsif value.is_a?(Hash)
>                filtered_parameters[key] = filter_parameters(value)
> +            elsif value.is_a?(Array)
> +              filtered_parameters[key] = value.collect do |item|
> +                filter_parameters(item)
> +              end
>              elsif block_given?
>                key = key.dup
>                value = value.dup if value
> diff --git a/actionpack/test/controller/filter_params_test.rb b/
> actionpack/test/controller/filter_params_test.rb
> index 0b259a7..3bcf518 100644
> --- a/actionpack/test/controller/filter_params_test.rb
> +++ b/actionpack/test/controller/filter_params_test.rb
> @@ -23,7 +23,9 @@ class FilterParamTest < Test::Unit::TestCase
>      [{''foo''=>''bar'',
''bar''=>''foo''},{''foo''=>''[FILTERED]'',
''bar''=>''foo''},
> %w''foo baz''],
>      [{''foo''=>''bar'',
''baz''=>''foo''},{''foo''=>''[FILTERED]'',
> ''baz''=>''[FILTERED]''},%w''foo
baz''],
>    
 [{''bar''=>{''foo''=>''bar'',''bar''=>''foo''}},{''bar''=>
>
{''foo''=>''[FILTERED]'',''bar''=>''foo''}},%w''fo''],
> -  
 [{''foo''=>{''foo''=>''bar'',''bar''=>''foo''}},{''foo''=>''[FILTERED]''},%w''f
> banana'']]
> +  
 [{''foo''=>{''foo''=>''bar'',''bar''=>''foo''}},{''foo''=>''[FILTERED]''},%w''f
> banana''],
> +  
 [{''bar''=>[{''foo''=>''bar'',''bar''=>''foo''}]},{''bar''=>
>
[{''foo''=>''[FILTERED]'',''bar''=>''foo''}]},%w''fo''],
> +  
 [{''foo''=>[{''foo''=>''bar'',''bar''=>''foo''}]},{''foo''=>''[FILTERED]''},
> %w''f banana'']]
>
>      test_hashes.each do |before_filter, after_filter, filter_words|
>        FilterParamController.filter_parameter_logging(*filter_words)
> --
> 1.5.6.3

Rails core - Jun 2009 - [PATCH] Filtering parameters inside arrays when logging

[PATCH] Filtering parameters inside arrays when logging

Re: Filtering parameters inside arrays when logging