#6090 ParameterFilter: strings joined into a regexp should be regexp-quoted - Ruby on Rails

Type	To find
responsible:me	tickets assigned to you
tagged:"@high"	tickets tagged @high
milestone:next	tickets in the upcoming milestone
state:invalid	tickets with the state invalid
created:"last week"	tickets created last week
sort:number, importance, updated	tickets sorted by #, importance or updated
Combine keywords for powerful searching.
Use advanced searching »

This project is archived and is in readonly mode.

#6090 ✓stale

ParameterFilter: strings joined into a regexp should be regexp-quoted

Reported by y_feldblum (at yahoo) | November 30th, 2010 @ 05:04 PM

In the following file/line:

https://github.com/rails/rails/blob/master/actionpack/lib/action_di...

The ParameterFilter creates a regexp directly from one or more strings joined together.

If the intention is that we (Rails users, application authors) should specify parameter filters using regexps when we want regexp filters and strings/symbols when we want exact matches and blocks when we want custom behavior, then the strings/symbols being used to construct the regexp should be regexp-quoted.

Rather than:

strings.join('|')

use:

strings.map{|s| Regexp.quote(s)}.join('|')

Comments and changes to this ticket

Neeraj Singh November 30th, 2010 @ 06:25 PM
- Importance changed from “” to “Low”
Can you submit a patch with test? I guess string should be quoted.
rails March 1st, 2011 @ 12:00 AM
- State changed from “new” to “open”
This issue has been automatically marked as stale because it has not been commented on for at least three months.

The resources of the Rails core team are limited, and so we are asking for your help. If you can still reproduce this error on the 3-0-stable branch or on master, please reply with all of the information you have about it and add "[state:open]" to your comment. This will reopen the ticket for review. Likewise, if you feel that this is a very important feature for Rails to include, please reply with your explanation so we can consider it.

Thank you for all your contributions, and we hope you will understand this step to focus our efforts where they are most helpful.
rails March 1st, 2011 @ 12:00 AM
- State changed from “open” to “stale”

Create your profile

Help contribute to this project by taking a few moments to create your personal profile. Create your profile »

<h2 style="font-size: 14px">Tickets have moved to Github</h2>

The new ticket tracker is available at <a href="https://github.com/rails/rails/issues">https://github.com/rails/rails/issues</a>

Shared Ticket Bins (Sort)

↓↑ drag 455 Open Bugs
↓↑ drag 0 Recent Open Tickets
↓↑ drag 87 Open Patches
↓↑ drag 0 Open Doc Patches
↓↑ drag 542 Stale Tickets
↓↑ drag 3 Verified Patches
↓↑ drag 87 Stale Patches
↓↑ drag 0 Yesterday's Tickets
↓↑ drag 0 Two Days Ago
↓↑ drag 0 This Week
↓↑ drag 0 Last Week
↓↑ drag 7 Bugmash
↓↑ drag 0 Bugmash review queue
↓↑ drag 5 Rails 3 High Priority Tickets

Rails Ruby on Rails