Exceptions filtering for nested params

[kjin-]

Params filtering currently only accepts flat hash, but I reckoned there are times when using the 'form_for' tag the values are submitted as a nested hash and wouldn't get filtered.

For e.g
{:account => { :password => 'secrets' }}, the password would still remain as plain text.

[dariocravero]

@kjin- thanks for the patch!.. Your concern is right. However I think that we should provide a recursive/deep filtering instead of a one level filtering. Would you mind refactoring to do so? /cc @padrino/core-members

[wikimatze]

Puh, this issue is very old, @kjin- is this still an issue for you?

[adam12]

Not related to the PR directly, but params leak out through the rack env anyways.

---Env:

rack.version: [1, 3]
rack.input: #<StringIO:0x007fbf28d3b780>
rack.errors: #<StringIO:0x007fbf28d3b820>
rack.multithread: true
rack.multiprocess: true
rack.run_once: false
REQUEST_METHOD: GET
SERVER_NAME: example.org
SERVER_PORT: 80
QUERY_STRING: account[email]=foo%40example.com&account[password]=super_secret&account[password_confirmation]=super_secret&account[user][password]=super_secret
PATH_INFO: /boom
rack.url_scheme: http
HTTPS: off
SCRIPT_NAME:
CONTENT_LENGTH: 0
rack.test: true
REMOTE_ADDR: 127.0.0.1
HTTP_HOST: example.org
HTTP_COOKIE:
rack.request.query_string: account[email]=foo%40example.com&account[password]=super_secret&account[password_confirmation]=super_secret&account[user][password]=super_secret
rack.request.query_hash: {"account"=>{"email"=>"[email protected]", "password"=>"super_secret", "password_confirmation"=>"super_secret", "user"=>{"password"=>"super_secret"}}}
sinatra.error: divided by 0

---Params:

"email" => "[email protected]"
"password" => [FILTERED]
"password_confirmation" => [FILTERED]
"password" => [FILTERED]
"splat" => []
"captures" => [#<ZeroDivisionError: divided by 0>]

So a recursive filter would be nice but likely not needed until we sanitized rack env.

Thoughts?