westonganger / protected_attributes_continued

The community continued version of protected_attributes for Rails 5+
MIT License

with_indifferent_access is deprecated (Rails 5.0.X) #6

Closed kuahyeow closed 7 years ago

kuahyeow commented 7 years ago
DEPRECATION WARNING: Method with_indifferent_access is deprecated and will be removed in Rails 5.1, as `ActionController::Parameters` no longer inherits from hash. Using this deprecated behavior exposes potential security problems. If you continue to use this method you may be creating a security vulnerability in your app that can be exploited. Instead, consider using one of these documented methods which are not deprecated: http://api.rubyonrails.org/v5.0.3/classes/ActionController/Parameters.html (called from assign_nested_attributes_for_one_to_one_association at /Users/kuahyeow/.rbenv/versions/2.3.5/lib/ruby/gems/2.3.0/gems/protected_attributes_continued-1.3.0/lib/active_record/mass_assignment_security/nested_attributes.rb:53)

It looks like it's coming from assign_nested_attributes_for_one_to_one_association.

kuahyeow commented 7 years ago

I note that in assign_nested_attributes_for_collection_association, the attributes were converted using to_unsafe_h. Perhaps the same treatment can be done in this method?

westonganger commented 7 years ago

Yeah that's the solution. Feel free to create a PR.

obromios commented 6 years ago

I am upgrading a working application from rails 5.0.6 to rails 5.1.4. I am using protected_attributes_continued 1.3.0. I am getting the following error when I do things like User.new(params[:user])

ActionController::UnfilteredParameters:
       unable to convert unpermitted parameters to hash

This seems to be related to this issue, how do I fix this?

westonganger commented 6 years ago

Well, your example says prams; it should be params.

obromios commented 6 years ago

Thanks, that was a typo, I have corrected it. The issue seems to be that params is no longer a hash, so strong parameters is automatically enforced when you try to access it.