virtus icon indicating copy to clipboard operation
virtus copied to clipboard
verified publisher icon solnic

Rails 5 generating deprecation warning when using strong parameter

Open cesarjr opened this issue 9 years ago • 12 comments

I'm using Rails 5 and this deprecation warning is been shown:

DEPRECATION WARNING: Method to_hash is deprecated and will be removed in Rails 5.1, as ActionController::Parameters no longer inherits from hash. Using this deprecated behavior exposes potential security problems. If you continue to use this method you may be creating a security vulnerability in your app that can be exploited. Instead, consider using one of these documented methods which are not deprecated: http://api.rubyonrails.org/v5.0.0/classes/ActionController/Parameters.html

This is my code:

track = API::Tracker::Track.new(track_params)

And this is my work around:

track = API::Tracker::Track.new(track_params.to_h)

Is there any permanent solution?

cesarjr avatar Jul 03 '16 13:07 cesarjr

@cesarjr are your track_params coming in as standard ActionController::Parameters before you run to_h?

greenmindPDX avatar Jul 12 '16 18:07 greenmindPDX

@solnic want to push a new version or add me to the gem so I can?

envygeeks avatar Jul 13 '16 02:07 envygeeks

@envygeeks just added you to rubygems.org as a new gem owner so you can push releases

solnic avatar Jul 13 '16 10:07 solnic

Any fix for this?

dgilperez avatar Sep 19 '16 21:09 dgilperez

Ah I forgot about this issue, I'll add it to my todo for this week.

envygeeks avatar Sep 19 '16 23:09 envygeeks

Sooo?

nbulaj avatar Dec 06 '16 11:12 nbulaj

+1

zuzannast avatar Jan 30 '17 07:01 zuzannast

+1

antnettleship avatar Apr 11 '17 14:04 antnettleship

+1 I'm using this code:

<%= params.except(:controller, :action).merge(rating: i).to_param %>

but am getting the same deprecation warning on to_param method. But, I've read the link and googled for an hour and have found no alternatives to achieve what I want (add a new get param to existing params and putting them into this format:

param=value&param2=value&param3=value

blakeperdue avatar May 09 '17 03:05 blakeperdue

changing

def coerce(attributes)
      ::Hash.try_convert(attributes) or raise(
        NoMethodError, "Expected #{attributes.inspect} to respond to #to_hash"
      )
end

to

def coerce(attributes)
      (attributes.respond_to?(:permitted?) ? attributes.to_h : ::Hash.try_convert(attributes) or raise(
        NoMethodError, "Expected #{attributes.inspect} to respond to #to_hash"
      )
end

in AttributeSet

should fix the deprecation

mgidea avatar Jul 25 '17 15:07 mgidea

+1 Created a pr for this: #382

danielbecker avatar Aug 01 '17 09:08 danielbecker

You can do this in your Virtus model:

def initialize(attributes)
  super(attributes.to_h)
end

krisleech avatar Nov 15 '17 09:11 krisleech