This blog is part of our Rails 5 series.
We are all guilty of treating ActionController::Parameters as a plain hash at some point or the other. But with Rails 5, ActionController::Parameters will no longer inherit from HashWithIndifferentAccess.
Inheriting from HashWithIndifferentAccess allowed programmers to call enumerable methods over ActionController::Parameters, which caused ActionController::Parameters to lose its @permitted state there by rendering Strong Parameters as a barebone Hash. This change would discourage such operations.
However since this change would have meant a major impact on all of the upgrading applications as they would have crashed with a NoMethodErrorfor all of those undesired methods. Hence this feature would go through a deprecation cycle, showing deprecation warnings for all of those HashWithIndifferentAccess method usages.
1class Parameters 2 3... 4 5def method_missing(method_sym, *args, &block) 6 if @parameters.respond_to?(method_sym) 7 message = <<-DEPRECATE.squish 8 Method #{method_sym} is deprecated and will be removed in Rails 5.1, 9 as `ActionController::Parameters` no longer inherits from 10 hash. Using this deprecated behavior exposes potential security 11 problems. If you continue to use this method you may be creating 12 a security vulnerability in your app that can be exploited. Instead, 13 consider using one of these documented methods which are not 14 deprecated: http://api.rubyonrails.org/v#{ActionPack.version}/classes/ActionController/Parameters.html 15 DEPRECATE 16 ActiveSupport::Deprecation.warn(message) 17 @parameters.public_send(method_sym, *args, &block) 18 else 19 super 20 end 21end 22 23... 24 25end
If you need to convert ActionController::Parameters in a true hash then it supports to_h method. Also ActionController::Parameters will continue to have methods like fetch, slice, slice!, except, except!, extract!, delete etc. You can take a detailed look at them here.