Vicente Mundim
2009-Jun-26 17:45 UTC
[PATCH] Filtering parameters inside arrays when logging
Hi, This is my first post here. I''ve stumbled upon this while creating an application which makes use of nested forms. Basically, I have an Account model which has many Users. When I create the account it creates one User. The action receives parameters like: :account => { :name => ''foo'', :users_attributes => [{ :login => ''foo'', :password => ''secret'', :password_confirmation => ''secret'' }] } Since my controller has the following line: filter_parameter_logging :password, :password_confirmation I was expecting to see both password and password_confirmation filtered, but they weren''t. Looking inside filter_parameter_logging I understand that it didn''t treated arrays. I''ve made a patch, but it seems rails.lighthouseapp.com is down, so I''ll just post it here. The patch contains changes to both code and tests. I''ve made it by branching origin/2-3-stable. Thanks Here it is: From 2d00dfe54911049a7b84814b5d630023694c1d3d Mon Sep 17 00:00:00 2001 From: Vicente Mundim <vicente.mundim@intelitiva.com> Date: Fri, 26 Jun 2009 14:22:36 -0300 Subject: [PATCH] Filtering parameters inside arrays when logging --- actionpack/lib/action_controller/base.rb | 4 ++++ actionpack/test/controller/filter_params_test.rb | 4 +++- 2 files changed, 7 insertions(+), 1 deletions(-) diff --git a/actionpack/lib/action_controller/base.rb b/actionpack/lib/ action_controller/base.rb index 95cf3e7..3c89fc8 100644 --- a/actionpack/lib/action_controller/base.rb +++ b/actionpack/lib/action_controller/base.rb @@ -491,6 +491,10 @@ module ActionController #:nodoc: filtered_parameters[key] = ''[FILTERED]'' elsif value.is_a?(Hash) filtered_parameters[key] = filter_parameters(value) + elsif value.is_a?(Array) + filtered_parameters[key] = value.collect do |item| + filter_parameters(item) + end elsif block_given? key = key.dup value = value.dup if value diff --git a/actionpack/test/controller/filter_params_test.rb b/ actionpack/test/controller/filter_params_test.rb index 0b259a7..3bcf518 100644 --- a/actionpack/test/controller/filter_params_test.rb +++ b/actionpack/test/controller/filter_params_test.rb @@ -23,7 +23,9 @@ class FilterParamTest < Test::Unit::TestCase [{''foo''=>''bar'', ''bar''=>''foo''},{''foo''=>''[FILTERED]'', ''bar''=>''foo''}, %w''foo baz''], [{''foo''=>''bar'', ''baz''=>''foo''},{''foo''=>''[FILTERED]'', ''baz''=>''[FILTERED]''},%w''foo baz''], [{''bar''=>{''foo''=>''bar'',''bar''=>''foo''}},{''bar''=> {''foo''=>''[FILTERED]'',''bar''=>''foo''}},%w''fo''], - [{''foo''=>{''foo''=>''bar'',''bar''=>''foo''}},{''foo''=>''[FILTERED]''},%w''f banana'']] + [{''foo''=>{''foo''=>''bar'',''bar''=>''foo''}},{''foo''=>''[FILTERED]''},%w''f banana''], + [{''bar''=>[{''foo''=>''bar'',''bar''=>''foo''}]},{''bar''=> [{''foo''=>''[FILTERED]'',''bar''=>''foo''}]},%w''fo''], + [{''foo''=>[{''foo''=>''bar'',''bar''=>''foo''}]},{''foo''=>''[FILTERED]''}, %w''f banana'']] test_hashes.each do |before_filter, after_filter, filter_words| FilterParamController.filter_parameter_logging(*filter_words) -- 1.5.6.3
Just added a ticket in lighthouse: https://rails.lighthouseapp.com/projects/8994-ruby-on-rails/tickets/2851-filtering-parameters-inside-arrays-when-logging I couldn''t do it earlier because it was down on Friday. On Jun 26, 2:45 pm, Vicente Mundim <vicente.mun...@gmail.com> wrote:> Hi, > > This is my first post here. I''ve stumbled upon this while creating an > application which makes use of nested forms. Basically, I have an > Account model which has many Users. When I create the account it > creates one User. The action receives parameters like: > > :account => { :name => ''foo'', :users_attributes => [{ :login => > ''foo'', :password => ''secret'', :password_confirmation => ''secret'' }] } > > Since my controller has the following line: > > filter_parameter_logging :password, :password_confirmation > > I was expecting to see both password and password_confirmation > filtered, but they weren''t. Looking inside filter_parameter_logging I > understand that it didn''t treated arrays. I''ve made a patch, but it > seems rails.lighthouseapp.com is down, so I''ll just post it here. The > patch contains changes to both code and tests. I''ve made it by > branching origin/2-3-stable. > > Thanks > > Here it is: > > From 2d00dfe54911049a7b84814b5d630023694c1d3d Mon Sep 17 00:00:00 2001 > From: Vicente Mundim <vicente.mun...@intelitiva.com> > Date: Fri, 26 Jun 2009 14:22:36 -0300 > Subject: [PATCH] Filtering parameters inside arrays when logging > > --- > actionpack/lib/action_controller/base.rb | 4 ++++ > actionpack/test/controller/filter_params_test.rb | 4 +++- > 2 files changed, 7 insertions(+), 1 deletions(-) > > diff --git a/actionpack/lib/action_controller/base.rb b/actionpack/lib/ > action_controller/base.rb > index 95cf3e7..3c89fc8 100644 > --- a/actionpack/lib/action_controller/base.rb > +++ b/actionpack/lib/action_controller/base.rb > @@ -491,6 +491,10 @@ module ActionController #:nodoc: > filtered_parameters[key] = ''[FILTERED]'' > elsif value.is_a?(Hash) > filtered_parameters[key] = filter_parameters(value) > + elsif value.is_a?(Array) > + filtered_parameters[key] = value.collect do |item| > + filter_parameters(item) > + end > elsif block_given? > key = key.dup > value = value.dup if value > diff --git a/actionpack/test/controller/filter_params_test.rb b/ > actionpack/test/controller/filter_params_test.rb > index 0b259a7..3bcf518 100644 > --- a/actionpack/test/controller/filter_params_test.rb > +++ b/actionpack/test/controller/filter_params_test.rb > @@ -23,7 +23,9 @@ class FilterParamTest < Test::Unit::TestCase > [{''foo''=>''bar'', ''bar''=>''foo''},{''foo''=>''[FILTERED]'', ''bar''=>''foo''}, > %w''foo baz''], > [{''foo''=>''bar'', ''baz''=>''foo''},{''foo''=>''[FILTERED]'', > ''baz''=>''[FILTERED]''},%w''foo baz''], > [{''bar''=>{''foo''=>''bar'',''bar''=>''foo''}},{''bar''=> > {''foo''=>''[FILTERED]'',''bar''=>''foo''}},%w''fo''], > - [{''foo''=>{''foo''=>''bar'',''bar''=>''foo''}},{''foo''=>''[FILTERED]''},%w''f > banana'']] > + [{''foo''=>{''foo''=>''bar'',''bar''=>''foo''}},{''foo''=>''[FILTERED]''},%w''f > banana''], > + [{''bar''=>[{''foo''=>''bar'',''bar''=>''foo''}]},{''bar''=> > [{''foo''=>''[FILTERED]'',''bar''=>''foo''}]},%w''fo''], > + [{''foo''=>[{''foo''=>''bar'',''bar''=>''foo''}]},{''foo''=>''[FILTERED]''}, > %w''f banana'']] > > test_hashes.each do |before_filter, after_filter, filter_words| > FilterParamController.filter_parameter_logging(*filter_words) > -- > 1.5.6.3