aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack
diff options
context:
space:
mode:
authorXavier Noria <fxn@hashref.com>2013-01-23 23:14:47 +0100
committerXavier Noria <fxn@hashref.com>2013-01-23 23:15:26 +0100
commit8ac94d7c8938649984c683a51ee54589ee338166 (patch)
tree880e26d5d032de25118e2b87482aae31fe6e7107 /actionpack
parent3af85ed311f37ec4092b1876116a1209faeec812 (diff)
downloadrails-8ac94d7c8938649984c683a51ee54589ee338166.tar.gz
rails-8ac94d7c8938649984c683a51ee54589ee338166.tar.bz2
rails-8ac94d7c8938649984c683a51ee54589ee338166.zip
ActionDispatch::Http::UploadedFile is a permitted scalar [Closes #9051]
Diffstat (limited to 'actionpack')
-rw-r--r--actionpack/lib/action_controller/metal/strong_parameters.rb7
-rw-r--r--actionpack/test/controller/parameters/parameters_permit_test.rb3
2 files changed, 7 insertions, 3 deletions
diff --git a/actionpack/lib/action_controller/metal/strong_parameters.rb b/actionpack/lib/action_controller/metal/strong_parameters.rb
index d028c7d8c4..7e720ca6f5 100644
--- a/actionpack/lib/action_controller/metal/strong_parameters.rb
+++ b/actionpack/lib/action_controller/metal/strong_parameters.rb
@@ -1,6 +1,7 @@
require 'active_support/core_ext/hash/indifferent_access'
require 'active_support/core_ext/array/wrap'
require 'active_support/rescuable'
+require 'action_dispatch/http/upload'
module ActionController
# Raised when a required parameter is missing.
@@ -190,8 +191,9 @@ module ActionController
#
# +:name+ passes it is a key of +params+ whose associated value is of type
# +String+, +Symbol+, +NilClass+, +Numeric+, +TrueClass+, +FalseClass+,
- # +Date+, +Time+, +DateTime+, +StringIO+, or +IO+. Otherwise, the key +:name+
- # is filtered out.
+ # +Date+, +Time+, +DateTime+, +StringIO+, +IO+, or
+ # +ActionDispatch::Http::UploadedFile+. Otherwise, the key +:name+ is
+ # filtered out.
#
# You may declare that the parameter should be an array of permitted scalars
# by mapping it to an empty array:
@@ -371,6 +373,7 @@ module ActionController
# DateTimes are Dates, we document the type but avoid the redundant check.
StringIO,
IO,
+ ActionDispatch::Http::UploadedFile,
]
def permitted_scalar?(value)
diff --git a/actionpack/test/controller/parameters/parameters_permit_test.rb b/actionpack/test/controller/parameters/parameters_permit_test.rb
index 734662ae11..aadb142660 100644
--- a/actionpack/test/controller/parameters/parameters_permit_test.rb
+++ b/actionpack/test/controller/parameters/parameters_permit_test.rb
@@ -1,4 +1,5 @@
require 'abstract_unit'
+require 'action_dispatch/http/upload'
require 'action_controller/metal/strong_parameters'
class ParametersPermitTest < ActiveSupport::TestCase
@@ -31,7 +32,7 @@ class ParametersPermitTest < ActiveSupport::TestCase
values += [0, 1.0, 2**128, BigDecimal.new(1)]
values += [true, false]
values += [Date.today, Time.now, DateTime.now]
- values += [StringIO.new]
+ values += [STDOUT, StringIO.new, ActionDispatch::Http::UploadedFile.new(tempfile: __FILE__)]
values.each do |value|
params = ActionController::Parameters.new(id: value)