diff --git a/actionpack/test/dispatch/request/json_params_parsing_test.rb b/actionpack/test/dispatch/request/json_params_parsing_test.rb
index c609075..e8dec17 100644
--- a/actionpack/test/dispatch/request/json_params_parsing_test.rb
+++ b/actionpack/test/dispatch/request/json_params_parsing_test.rb
@@ -84,7 +84,50 @@ def teardown
end
end
+ test "prevent null query" do
+ # Make sure we have data to find
+ klass = Class.new(ActiveRecord::Base) do
+ def self.name; 'Foo'; end
+ establish_connection adapter: "sqlite3", database: ":memory:"
+ connection.create_table "foos" do |t|
+ t.string :title
+ t.timestamps null: false
+ end
+ end
+ klass.create
+ assert klass.first
+
+ app = ActionDispatch::ParamsParser.new ->(env) {
+ request = ActionDispatch::Request.new env
+ params = ActionController::Parameters.new request.parameters
+ if params[:t]
+ klass.find_by_title(params[:t])
+ else
+ nil
+ end
+ }
+
+ assert_nil app.call(make_env({ 't' => nil }))
+ assert_nil app.call(make_env({ 't' => [nil] }))
+
+ [[[nil]], [[[nil]]]].each do |data|
+ assert_deprecated do
+ assert_nil app.call(make_env({ 't' => data }))
+ end
+ end
+ end
+
private
+ def make_env json
+ data = JSON.dump json
+ content_length = data.length
+ {
+ 'CONTENT_LENGTH' => content_length,
+ 'CONTENT_TYPE' => 'application/json',
+ 'rack.input' => StringIO.new(data)
+ }
+ end
+
def assert_parses(expected, actual, headers = {})
with_test_routing do
post "/parse", actual, headers