solnic / virtus

[DISCONTINUED] Attributes on Steroids for Plain Old Ruby Objects
MIT License

Rails 5 generating deprecation warning when using strong parameter #362

Open cesarjr opened 8 years ago

cesarjr commented 8 years ago

I'm using Rails 5 and this deprecation warning is being shown:

DEPRECATION WARNING: Method to_hash is deprecated and will be removed in Rails 5.1, as ActionController::Parameters no longer inherits from hash. Using this deprecated behavior exposes potential security problems. If you continue to use this method you may be creating a security vulnerability in your app that can be exploited. Instead, consider using one of these documented methods which are not deprecated: http://api.rubyonrails.org/v5.0.0/classes/ActionController/Parameters.html

This is my code:

track = API::Tracker::Track.new(track_params)

And this is my workaround:

track = API::Tracker::Track.new(track_params.to_h)

Is there any permanent solution?

greenmindPDX commented 8 years ago

@cesarjr are your track_params coming in as standard ActionController::Parameters before you run to_h?

envygeeks commented 8 years ago

@solnic want to push a new version or add me to the gem so I can?

solnic commented 8 years ago

@envygeeks just added you to rubygems.org as a new gem owner so you can push releases

dgilperez commented 8 years ago

Any fix for this?

envygeeks commented 8 years ago

Ah I forgot about this issue, I'll add it to my todo for this week.

nbulaj commented 7 years ago

Sooo?

zuzannast commented 7 years ago

+1

antnettleship commented 7 years ago

+1

blakeperdue commented 7 years ago

+1 I'm using this code:

<%= params.except(:controller, :action).merge(rating: i).to_param %>

but am getting the same deprecation warning on the to_param method. I've read the link and googled for an hour and have found no alternatives to achieve what I want: add a new GET param to the existing params and put them into this format:

param=value&param2=value&param3=value

mgidea commented 7 years ago

changing

def coerce(attributes)
      ::Hash.try_convert(attributes) or raise(
        NoMethodError, "Expected #{attributes.inspect} to respond to #to_hash"
      )
end

to

def coerce(attributes)
      # ActionController::Parameters responds to #permitted?; convert it explicitly with #to_h
      (attributes.respond_to?(:permitted?) ? attributes.to_h : ::Hash.try_convert(attributes)) or raise(
        NoMethodError, "Expected #{attributes.inspect} to respond to #to_hash"
      )
end

in AttributeSet

should fix the deprecation

danielbecker commented 7 years ago

+1 Created a pr for this: #382

krisleech commented 6 years ago

You can do this in your Virtus model:

def initialize(attributes)
  super(attributes.to_h)
end
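
The effect of the `coerce` change and of calling `to_h` before `super`, as an added example that is not code from Virtus or Rails. `StubParameters` is a constructed stand-in for ActionController::Parameters (simplified so that an unpermitted object converts to an empty hash), and `Track` and the request data are hypothetical:

```ruby
# Constructed stand-in for ActionController::Parameters (not Rails code): it is
# not a Hash, tracks a permitted flag, and to_h exposes only permitted keys.
class StubParameters
  def initialize(raw, permitted = false)
    @raw = raw
    @permitted = permitted
  end

  def permitted?
    @permitted
  end

  # Allow-list keys, as strong parameters do.
  def permit(*keys)
    allowed = @raw.select { |k, _| keys.map(&:to_s).include?(k.to_s) }
    StubParameters.new(allowed, true)
  end

  # Simplification (assumption): an unpermitted object yields an empty hash.
  def to_h
    permitted? ? @raw.dup : {}
  end
end

# The coercion proposed in the thread, written as a free-standing method.
def coerce(attributes)
  hash = attributes.respond_to?(:permitted?) ? attributes.to_h : ::Hash.try_convert(attributes)
  hash or raise(NoMethodError, "Expected #{attributes.inspect} to respond to #to_hash")
end

# Hypothetical model: assigns whatever keys coerce hands it.
class Track
  attr_reader :attrs

  def initialize(attributes)
    @attrs = coerce(attributes).transform_keys(&:to_sym)
  end
end

# Constructed request: "admin" is a field the client should not control.
REQUEST = { "name" => "song", "admin" => "true" }.freeze

def permitted_track
  Track.new(StubParameters.new(REQUEST).permit(:name)).attrs
end

def unfiltered_track
  Track.new(StubParameters.new(REQUEST)).attrs
end
```

Only keys that passed `permit` reach the model, so the conversion keeps the strong-parameters filter in the path instead of bypassing it through an implicit `to_hash`.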