Monday, April 8, 2013

[Rails] Safely persisting query parameters in Rails 3.1

I'm working on a project (Active Admin) that needs to be able to build links on the page (e.g. pagination) that include arbitrary query parameters that the user has entered.

Since `url_for` symbolizes any keys passed to it, for obvious memory concerns you can't just pass the entire params hash.

In Rails 3.2, however, you can do this:

```ruby
include Rails.application.routes.url_helpers

url_for action: 'index', controller: 'employees', host: 'foo.bar', params: {'eee' => 3}
# => "http://foo.bar/employees?eee=3"

Symbol.all_symbols.map(&:to_s).include? 'eee'
# => false
```

In other words, you can pass `params: request.query_parameters` to `url_for` to avoid the potential DoS issue.

However, we still support Rails 3.0 and 3.1, and they completely ignore `:params`.

Save for monkeypatching, has anyone found a way to safely provide this functionality?

Thanks,
Sean Linsley
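
An added example, not part of the original post and not Active Admin's or Rails' own code: one way to carry user-supplied query parameters into a link without any key reaching `to_sym` is to append the query string to an already-generated path. It assumes the base path comes from `url_for` called with fixed, developer-chosen keys only; `append_query`, `flatten_params` and `symbol_interned?` are hypothetical helper names, and the sample keys are constructed.

```ruby
require 'uri'

# Hypothetical helper: append user-supplied query parameters to a path that
# was generated from trusted keys. Keys stay Strings from start to finish, so
# attacker-chosen names never enter the symbol table.
def append_query(path, query_parameters)
  pairs = flatten_params(query_parameters)
  return path if pairs.empty?

  # Respect a query string that is already present on the path.
  separator = path.include?('?') ? '&' : '?'
  path + separator + URI.encode_www_form(pairs)
end

# Flatten nested hashes and arrays into Rack-style "a[b]" / "a[]" keys,
# returning an array of [key, value] string pairs.
def flatten_params(value, prefix = nil)
  case value
  when Hash
    value.flat_map do |key, nested|
      flatten_params(nested, prefix ? "#{prefix}[#{key}]" : key.to_s)
    end
  when Array
    value.flat_map { |nested| flatten_params(nested, "#{prefix}[]") }
  else
    [[prefix, value.to_s]]
  end
end

# The same check the post uses: is this name present in the symbol table?
def symbol_interned?(name)
  Symbol.all_symbols.any? { |sym| sym.to_s == name }
end

if __FILE__ == $0
  # Constructed sample input standing in for request.query_parameters.
  user_params = { 'demo_ctor_key_51c2' => 3, 'q' => { 'name_cont' => 'a b' } }
  puts append_query('/employees?page=2', user_params)
  puts symbol_interned?('demo_ctor_key_51c2')
end
```
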
