gitlab-org--gitlab-foss/lib/gitlab/middleware
Stan Hu 7d28e39f58 Fix multipart attachments not uploading
Mixing and matching the use of Rack::Request and ActionDispatch::Request
in Rails 5 is bad, particularly if you have middleware that
manipulates or accesses environment variables.

`Gitlab::Middleware::Multipart` attempts to rewrite request parameters
to the proper values (e.g. replacing `data_file` with
`UploadedFile`). It does this by calling `Rack::Request#update_params`,
which essentially updates `env['rack.request.form_hash']`.

By changing to `ActionDispatch::Request`, the Go middleware was causing
the request parameters to be stored inside
`env['action_dispatch.request.request_parameters']`. Later calls to
`Rack::Request#update_params` would not have any effect because it would
attempt to update `env['rack.request.form_has']` instead of
`env['action_dispatch.request.request_parameters']`. As a result, the
controller still saw the old parameters.

Since the Go middleware appears to be using `ActionDispatch::Request`
for authorization methods, we can switch the multipart middleware to
use it too.

Closes https://gitlab.com/gitlab-org/gitlab-ee/issues/9035
2019-01-05 01:56:47 -08:00
..
read_only Enable even more frozen string for lib/gitlab 2018-11-16 17:41:14 -08:00
basic_health_check.rb Use /-/health instead of breaking /-/liveness 2018-07-28 14:35:02 -07:00
correlation_id.rb Remove rails4 specific code 2018-12-16 10:48:41 +01:00
go.rb Remove authentication via warden and PRIVATE_TOKEN header 2019-01-03 20:28:02 +08:00
multipart.rb Fix multipart attachments not uploading 2019-01-05 01:56:47 -08:00
rails_queue_duration.rb Enable even more frozen string for lib/gitlab 2018-11-16 17:41:14 -08:00
read_only.rb Enable even more frozen string for lib/gitlab 2018-11-16 17:41:14 -08:00
release_env.rb Enable even more frozen string for lib/gitlab 2018-11-16 17:41:14 -08:00
static.rb Enable even more frozen string for lib/gitlab 2018-11-16 17:41:14 -08:00