diff options
| author | Xavier Noria <fxn@hashref.com> | 2013-01-23 23:14:47 +0100 |
|---|---|---|
| committer | Xavier Noria <fxn@hashref.com> | 2013-01-23 23:15:26 +0100 |
| commit | 8ac94d7c8938649984c683a51ee54589ee338166 (patch) | |
| tree | 880e26d5d032de25118e2b87482aae31fe6e7107 /actionpack | |
| parent | 3af85ed311f37ec4092b1876116a1209faeec812 (diff) | |
| download | rails-8ac94d7c8938649984c683a51ee54589ee338166.tar.gz rails-8ac94d7c8938649984c683a51ee54589ee338166.tar.bz2 rails-8ac94d7c8938649984c683a51ee54589ee338166.zip | |
ActionDispatch::Http::UploadedFile is a permitted scalar [Closes #9051]
Diffstat (limited to 'actionpack')
| -rw-r--r-- | actionpack/lib/action_controller/metal/strong_parameters.rb | 7 | ||||
| -rw-r--r-- | actionpack/test/controller/parameters/parameters_permit_test.rb | 3 |
2 files changed, 7 insertions, 3 deletions
diff --git a/actionpack/lib/action_controller/metal/strong_parameters.rb b/actionpack/lib/action_controller/metal/strong_parameters.rb index d028c7d8c4..7e720ca6f5 100644 --- a/actionpack/lib/action_controller/metal/strong_parameters.rb +++ b/actionpack/lib/action_controller/metal/strong_parameters.rb @@ -1,6 +1,7 @@ require 'active_support/core_ext/hash/indifferent_access' require 'active_support/core_ext/array/wrap' require 'active_support/rescuable' +require 'action_dispatch/http/upload' module ActionController # Raised when a required parameter is missing. @@ -190,8 +191,9 @@ module ActionController # # +:name+ passes it is a key of +params+ whose associated value is of type # +String+, +Symbol+, +NilClass+, +Numeric+, +TrueClass+, +FalseClass+, - # +Date+, +Time+, +DateTime+, +StringIO+, or +IO+. Otherwise, the key +:name+ - # is filtered out. + # +Date+, +Time+, +DateTime+, +StringIO+, +IO+, or + # +ActionDispatch::Http::UploadedFile+. Otherwise, the key +:name+ is + # filtered out. # # You may declare that the parameter should be an array of permitted scalars # by mapping it to an empty array: @@ -371,6 +373,7 @@ module ActionController # DateTimes are Dates, we document the type but avoid the redundant check. StringIO, IO, + ActionDispatch::Http::UploadedFile, ] def permitted_scalar?(value) diff --git a/actionpack/test/controller/parameters/parameters_permit_test.rb b/actionpack/test/controller/parameters/parameters_permit_test.rb index 734662ae11..aadb142660 100644 --- a/actionpack/test/controller/parameters/parameters_permit_test.rb +++ b/actionpack/test/controller/parameters/parameters_permit_test.rb @@ -1,4 +1,5 @@ require 'abstract_unit' +require 'action_dispatch/http/upload' require 'action_controller/metal/strong_parameters' class ParametersPermitTest < ActiveSupport::TestCase @@ -31,7 +32,7 @@ class ParametersPermitTest < ActiveSupport::TestCase values += [0, 1.0, 2**128, BigDecimal.new(1)] values += [true, false] values += [Date.today, Time.now, DateTime.now] - values += [StringIO.new] + values += [STDOUT, StringIO.new, ActionDispatch::Http::UploadedFile.new(tempfile: __FILE__)] values.each do |value| params = ActionController::Parameters.new(id: value) |