From 8ac94d7c8938649984c683a51ee54589ee338166 Mon Sep 17 00:00:00 2001 From: Xavier Noria Date: Wed, 23 Jan 2013 23:14:47 +0100 Subject: [PATCH] ActionDispatch::Http::UploadedFile is a permitted scalar [Closes #9051] --- .../lib/action_controller/metal/strong_parameters.rb | 7 +++++-- .../test/controller/parameters/parameters_permit_test.rb | 3 ++- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/actionpack/lib/action_controller/metal/strong_parameters.rb b/actionpack/lib/action_controller/metal/strong_parameters.rb index d028c7d8c4..7e720ca6f5 100644 --- a/actionpack/lib/action_controller/metal/strong_parameters.rb +++ b/actionpack/lib/action_controller/metal/strong_parameters.rb @@ -1,6 +1,7 @@ require 'active_support/core_ext/hash/indifferent_access' require 'active_support/core_ext/array/wrap' require 'active_support/rescuable' +require 'action_dispatch/http/upload' module ActionController # Raised when a required parameter is missing. @@ -190,8 +191,9 @@ module ActionController # # +:name+ passes it is a key of +params+ whose associated value is of type # +String+, +Symbol+, +NilClass+, +Numeric+, +TrueClass+, +FalseClass+, - # +Date+, +Time+, +DateTime+, +StringIO+, or +IO+. Otherwise, the key +:name+ - # is filtered out. + # +Date+, +Time+, +DateTime+, +StringIO+, +IO+, or + # +ActionDispatch::Http::UploadedFile+. Otherwise, the key +:name+ is + # filtered out. # # You may declare that the parameter should be an array of permitted scalars # by mapping it to an empty array: @@ -371,6 +373,7 @@ module ActionController # DateTimes are Dates, we document the type but avoid the redundant check. StringIO, IO, + ActionDispatch::Http::UploadedFile, ] def permitted_scalar?(value) diff --git a/actionpack/test/controller/parameters/parameters_permit_test.rb b/actionpack/test/controller/parameters/parameters_permit_test.rb index 734662ae11..aadb142660 100644 --- a/actionpack/test/controller/parameters/parameters_permit_test.rb +++ b/actionpack/test/controller/parameters/parameters_permit_test.rb @@ -1,4 +1,5 @@ require 'abstract_unit' +require 'action_dispatch/http/upload' require 'action_controller/metal/strong_parameters' class ParametersPermitTest < ActiveSupport::TestCase @@ -31,7 +32,7 @@ class ParametersPermitTest < ActiveSupport::TestCase values += [0, 1.0, 2**128, BigDecimal.new(1)] values += [true, false] values += [Date.today, Time.now, DateTime.now] - values += [StringIO.new] + values += [STDOUT, StringIO.new, ActionDispatch::Http::UploadedFile.new(tempfile: __FILE__)] values.each do |value| params = ActionController::Parameters.new(id: value)