This project is archived and is in readonly mode.

#2259 ✓wontfix
Matt Jankowski

Params Hash issues?

Reported by Matt Jankowski | March 16th, 2009 @ 09:27 PM | in 2.x

Running into issue with converting submitted form elements into correct params, as compared to rails 2.2 behavior...


<form action="/session" method="post"><div style="margin:0;padding:0"><input name="authenticity_token" type="hidden" value="99e3738d859713c4de837759a5cf128b5a1a8442" /></div>
      <label for="session_email">Email</label>
      <input id="session_email" name="session[email]" size="30" type="text" />  
      <label for="session_password">Password</label>
      <input id="session_password" name="session[password]" size="30" type="password" />

RAILS 2.2 When submitted...

Processing SessionsController#create (for at 2009-03-16 16:56:15) [POST]
Parameters: {"commit"=>"Sign in", "action"=>"create", "authenticity_token"=>"99e3738d859713c4de837759a5cf128b5a1a8442", "session"=>{"password"=>"[FILTERED]", "email"=>"test@test.test"}, "controller"=>"sessions"}


<form action="http://localhost:4000/admin/session" method="post"><div style="margin:0;padding:0"><input name="authenticity_token" type="hidden" value="Z0lxRua6hNovMIYkuiNCUwS5QijrKAyi5nZXjD8uOI4=" /></div>  <fieldset>
      <label for="user_email">Email</label><br />
      <input id="user_email" name="user[email]" size="30" type="text" />
      <label for="user_password">Password</label><br />
      <input id="user_password" name="user[password]" size="30" type="password" />

RAILS 2.3 When submitted...

Processing Admin::SessionController#create (for at 2009-03-16 16:56:36) [POST]
Parameters: {"commit"=>"Login", "authenticity_token"=>"Z0lxRua6hNovMIYkuiNCUwS5QijrKAyi5nZXjD8uOI4=", "user[email]"=>"test@test.test", "user[password]"=>"test"}

Note the difference in how basically similar form elements are turned into params...

{ "session"=>{"password"=>"[FILTERED]", "email"=>"test@test.test"} }

{ "user[email]"=>"test@test.test", "user[password]"=>"test" }

...and how the first is a nested hash (as expected), but rails 2.3 is not.

Comments and changes to this ticket

  • Matt Jankowski

    Matt Jankowski March 16th, 2009 @ 09:38 PM

    This seems to work correctly in test mode, I added a "puts params.inspect" line to the #create action where this was occurring in development mode. Results are as expected in test...

    {"user"=>{"password"=>"mock", "email"=>"mock"}, "action"=>"create", "controller"=>"admin/session"}
  • josh

    josh March 16th, 2009 @ 09:54 PM

    • State changed from “new” to “wontfix”
    • Assigned user set to “josh”

    This is related to a rack gem loading issue. Rack 0.9 doesn't support nested params (yet), however the soon to be release rack 1.0 does. We've bundled rack 1.0 with Rails but there were some known loading issues in RC2 but were fix in the final release.

  • Matt Jankowski

    Matt Jankowski March 16th, 2009 @ 10:06 PM

    Ok, this is happening on a 2.3.2 app which was updated with "rake rails:freeze:edge RELEASE=2.3.2" (and pulled down the zip, etc) shortly after the release today.

    I also confirmed that this happens with a v2.3.2 tarball downloaded from github.

  • Matt Jankowski

    Matt Jankowski March 16th, 2009 @ 10:07 PM

    New info...

    This does NOT happen using mongrel_rails to run the app under mongrel, but it does happen when using 'thin start' to run the app with thin.

  • Matt Jankowski

    Matt Jankowski March 16th, 2009 @ 10:11 PM

    Attempted using both thin 1.0.0 from rubygems and thin 1.1.0 from github, which I think is the latest stable thin gem release.

  • josh

    josh March 16th, 2009 @ 10:27 PM

    The v2.3.2 git tag is wrong. The next commit includes this fix. However the 2.3 gem version was built from the correct source.

  • Matt Jankowski

    Matt Jankowski March 16th, 2009 @ 11:12 PM

    Ok, thanks for the help. I pulled from edge instead of the 2.3.2 tag, and it's fine now.

    Maybe clarify this mis-tagging on the official release blog post or something? I could see this driving people mad if they happen to be using thin in local development...

  • Luigi Montanez

    Luigi Montanez March 18th, 2009 @ 03:08 PM

    Agreed, please fix the 2.3.2 tag. It's what's used to generate the .tar.gz archive at, so anyone using that gets a bad version of Rails 2.3.2.

  • Tomas Varsavsky

    Tomas Varsavsky March 30th, 2009 @ 12:52 PM

    I'm having the same issue but did not freeze rails gems from the git repo. I did:

    gem install rails --version 2.3.2 RAILS_GEM_VERSION = '2.3.2' in my environment.rb rake rails:freeze:gems

    From what I can gather in the comments above, I should not have a broken version.

  • Tomas Varsavsky

    Tomas Varsavsky March 30th, 2009 @ 01:10 PM

    Updated to edge rails, problem persists. I'm using latest released Rack 0.9.1.

  • Tomas Varsavsky

    Tomas Varsavsky March 31st, 2009 @ 09:07 AM

    The problem was that I had Rack 0.9.1 as a dependent gem in my environment.rb which conflicted with the version of Rack that is bundled with Rails 2.3.2. I had added rack 0.9.1 as a dependency because Rspec 1.2.2 needs it. I moved the rack dependency to test.rb and now everything works.

  • Matthew Williams

    Matthew Williams April 15th, 2009 @ 04:59 PM

    • Tag set to, bug, hash, params

    I'm showing the exact same behavior but unlike Tomas, I do not have Rack 0.9.1 as a dependent gem anywhere.

    Has anyone come up with a solid resolution for this problem yet?

  • Matthew Williams

    Matthew Williams April 15th, 2009 @ 05:05 PM

    Disregard previous message.

    I'm sending an empty param from a hidden field which Rack 1.0 is now blowing up on. Removing the hidden field solves my problem and the params are handled correctly but a main functionality of my application is now broken because Rack doesn't like that empty hidden field.

Create your profile

Help contribute to this project by taking a few moments to create your personal profile. Create your profile »

<h2 style="font-size: 14px">Tickets have moved to Github</h2>

The new ticket tracker is available at <a href=""></a>

Referenced by