From ce477997daafd1e4935d8b4b7782956393b30fbf Mon Sep 17 00:00:00 2001 From: Alberto Vena Date: Mon, 14 Dec 2020 09:20:27 +0100 Subject: [PATCH 1/2] Reintroduce and deprecate whitelisted_params config This allows people to switch to the new config without breaking their applications or requiring a new release for libraries using this gem. --- lib/canonical-rails.rb | 12 ++++++++++- lib/canonical-rails/deprecation.rb | 7 +++++++ .../canonical_rails/tag_helper_spec.rb | 20 +++++++++++++++++++ 3 files changed, 38 insertions(+), 1 deletion(-) create mode 100644 lib/canonical-rails/deprecation.rb diff --git a/lib/canonical-rails.rb b/lib/canonical-rails.rb index 15e20c8..cd6526a 100644 --- a/lib/canonical-rails.rb +++ b/lib/canonical-rails.rb @@ -1,4 +1,5 @@ require "canonical-rails/engine" +require "canonical-rails/deprecation" module CanonicalRails @@ -23,6 +24,10 @@ def self.setup mattr_accessor :collection_actions @@collection_actions = [:index] + # @deprecated: use config.allowed_parameters instead + mattr_accessor :whitelisted_parameters + @@whitelisted_parameters = [] + mattr_accessor :allowed_parameters @@allowed_parameters = [] @@ -34,6 +39,11 @@ def self.sym_collection_actions end def self.sym_allowed_parameters - @@sym_allowed_parameters ||= self.allowed_parameters.map(&:to_sym) + @@sym_allowed_parameters ||= if self.whitelisted_parameters.empty? + self.allowed_parameters.map(&:to_sym) + else + CanonicalRails::Deprecation.warn('config.whitelisted_parameters is deprecated, please use config.allowed_parameters instead.') + self.whitelisted_parameters.map(&:to_sym) + end end end diff --git a/lib/canonical-rails/deprecation.rb b/lib/canonical-rails/deprecation.rb new file mode 100644 index 0000000..29e28c8 --- /dev/null +++ b/lib/canonical-rails/deprecation.rb @@ -0,0 +1,7 @@ +# frozen_string_literal: true + +require 'active_support/deprecation' + +module CanonicalRails + Deprecation = ActiveSupport::Deprecation.new('1.0', 'CanonicalRails') +end 
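Review bot: In `sym_allowed_parameters`, a non-empty `whitelisted_parameters` replaces `allowed_parameters` outright, so an application that has already moved to the new setting silently loses its list as soon as some dependency still sets the legacy one. Because this list decides which request parameters are copied into the canonical URL, the precedence should be explicit: either merge the two with `(self.whitelisted_parameters + self.allowed_parameters).map(&:to_sym).uniq`, or state in the warning text that `allowed_parameters` is ignored while the legacy setting is present. The `||=` memo also fixes the choice at the first call, so a later change to either setting has no effect. In addition, `.empty?` raises if the legacy setting is assigned `nil`; `Array(self.whitelisted_parameters).empty?` would tolerate that.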
diff --git a/spec/helpers/canonical_rails/tag_helper_spec.rb b/spec/helpers/canonical_rails/tag_helper_spec.rb index 6666d99..d4b6b9b 100644 --- a/spec/helpers/canonical_rails/tag_helper_spec.rb +++ b/spec/helpers/canonical_rails/tag_helper_spec.rb @@ -210,6 +210,26 @@ end end end + + describe 'with the old config.whitelisted_parameters' do + before do + CanonicalRails.whitelisted_parameters = ['page'] + allow_any_instance_of(controller.class) + .to receive(:params) + .and_return(ActionController::Parameters.new('i-will' => 'kill-your-seo', 'page' => '5')) + controller.request.path_parameters = { controller: 'our_resources', action: 'index' } + end + + after do + CanonicalRails.class_variable_set(:@@sym_whitelisted_parameters, nil) + end + + it 'emits a deprecation warning and keeps working' do + expect(CanonicalRails::Deprecation).to receive(:warn).once + expect(helper.allowed_params['page']).to eq '5' + expect(helper.allowed_params['i-will']).to be_nil + end + end end describe 'when host is specified' do From 4fb8c63a0c5800f2ba38f8a433f2b0ea9b716810 Mon Sep 17 00:00:00 2001 From: Alberto Vena Date: Mon, 14 Dec 2020 09:25:54 +0100 Subject: [PATCH 2/2] Remove last occurrence of whitelisted_params Even if compact, it has the same meaning. --- app/helpers/canonical_rails/tag_helper.rb | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/app/helpers/canonical_rails/tag_helper.rb b/app/helpers/canonical_rails/tag_helper.rb index 690d906..5e93b3a 100644 --- a/app/helpers/canonical_rails/tag_helper.rb +++ b/app/helpers/canonical_rails/tag_helper.rb 
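Review bot: The `after` block clears `@@sym_whitelisted_parameters`, but the memo written by the new code in `lib/canonical-rails.rb` is `@@sym_allowed_parameters`, and `CanonicalRails.whitelisted_parameters` is never set back to `[]`. The legacy list and the memoised `[:page]` therefore stay in place for every example that runs afterwards, which makes the suite order-dependent and can hide a regression in the parameter filter. The cleanup should be `CanonicalRails.whitelisted_parameters = []` followed by `CanonicalRails.class_variable_set(:@@sym_allowed_parameters, nil)`. The `before` block may also need that second line, since a memo left by an earlier example would stop `Deprecation.warn` from firing; whether the surrounding specs already reset it is not visible in this hunk.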
@@ -73,10 +73,8 @@ def allowed_query_string # https://github.com/rack/rack/blob/9939d40a5e23dcb058751d1029b794aa2f551900/test/spec_utils.rb#L222 # Rack 1.6.0 has it # https://github.com/rack/rack/blob/65a7104b6b3e9ecd8f33c63a478ab9a33a103507/test/spec_utils.rb#L251 - - wl_params = allowed_params - - "?" + Rack::Utils.build_nested_query(convert_numeric_params(wl_params)) if wl_params.present? + parameters = allowed_params + "?" + Rack::Utils.build_nested_query(convert_numeric_params(parameters)) if parameters.present? end private