问题
I tried to upgrade Mindapp Gem from Rails 4 to Rails 5. There are a lots of codes like below need to be fixed because Rails 5.1 no longer support mass assignment to_bson directly.
Mindapp::Xmain.create :service=>service,
:start=>Time.now,
:name=>service.name,
:ip=> get_ip,
:status=>'I', # init
:user=>current_user,
:xvars=> {
:service_id=>service.id, :p=>params,
:id=>params[:id],
:user_id=>current_user.try(:id),
:custom_controller=>custom_controller,
:host=>request.host,
:referer=>request.env['HTTP_REFERER']
}
Then error:
DEPRECATION WARNING: Method to_bson is deprecated and will be removed in Rails 5.1, as `ActionController::Parameters` no longer inherits from hash. Using this deprecated behavior exposes potential security problems. If you continue to use this method you may be creating a security vulnerability in your app that can be exploited. Instead, consider using one of these documented methods which are not deprecated: http://api.rubyonrails.org/v5.0.2/classes/ActionController/Parameters.html
To comply with Rails 5.1 from this WARNING: I put params (without understand really) to:
Mindapp::Xmain.create(xmain_params)
def xmain_params
params.permit(
:service=>service,
:start=>Time.now,
:name=>service.name,
:ip=> get_ip,
:status=>'I', # init
:user=>current_user,
:xvars=> {
:service_id=>service.id, :p=>params,
:id=>params[:id],
:user_id=>current_user.try(:id),
:custom_controller=>custom_controller,
:host=>request.host,
:referer=>request.env['HTTP_REFERER']
}
)
end
Problem: It's not create as supposed to do. This code (before modified) work in rails 4 but Warning in 5.0 and Now not work in Rails 5.1 all using Ruby 2.4.1. What should I do/Thanks
And when tried
Mindapp::Xmain.create :service=>params.permit(service),
:start=>params.permit(Time.now),
:name=>params.permit(service.name),
:ip=>params.permit(get_ip),
:status=>params.permit('I'), # init
:user=>params.permit(current_user),
:xvars=> params.permit({
:service_id=>service.id, :p=>params,
:id=>params[:id],
:user_id=>current_user.try(:id),
:custom_controller=>custom_controller,
:host=>request.host,
:referer=>request.env['HTTP_REFERER']
})
Errors:
Mongoid::Errors::InvalidValue -
message:
Value of type ActionController::Parameters cannot be written to a field of type Hash
summary:
Tried to set a value of type ActionController::Parameters to a field of type Hash
resolution:
Verify if the value to be set correspond to field definition:
And try using params.
Mindapp::Xmain.create :service=>params.service,
:start=>params.Time.now,
:name=>params.service.name,
:ip=> params.get_ip,
:status=>params('I'), # init
:user=>params.current_user,
:xvars=> {
:service_id=>params.service.id, :p=>params,
:id=>params[:id],
:user_id=>params.current_user.try(:id),
:custom_controller=>params.custom_controller,
:host=>params.request.host,
:referer=>params.request.env['HTTP_REFERER']
}
Errors:
NoMethodError - undefined method `service' for #<ActionController::Parameters:0x007ff6b07158f0>:
actionpack (5.0.2) lib/action_controller/metal/strong_parameters.rb:646:in `method_missing'
app/controllers/mindapp_controller.rb:384:in `create_xmain'
回答1:
The issue is :p=>params. I'm assuming params is a params object from the request. Under Rails 5.1, it will no longer support standard hash functions such as to_bson, which mindapp library appears to be using (or maybe one of its dependent libraries is using it).
A simple fix is probably to replace it with :p=>params.to_unsafe_hash or for a safer solution, :p=>params.permit(:foo, :bar) (whatever params should be used, these should possibly be checked/cleansed first).
来源:https://stackoverflow.com/questions/43463680/mass-assignment-in-rails-5