Use rack-utf8_sanitizer gem

This sanitises non utf-8 params before they're processed by Rails.
author: Louise Crow <louise.crow@gmail.com> 2014-10-31 15:16:05 +0000
committer: Louise Crow <louise.crow@gmail.com> 2014-11-18 17:45:50 +0000
commit: 45f25290e2e4a1f33ec5d3df6ecfb40300318ece (patch)
tree: 297ab4ab097bdce94908cf13c9ff44e243b5db1c /config/application.rb
parent: ab76e4a18904af104ab532cc273ba15d9bef6f75 (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/config/application.rb b/config/application.rb
index ed4f07819..ff72df015 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -74,6 +74,10 @@ module Alaveteli
     ENV['RECAPTCHA_PUBLIC_KEY'] = ::AlaveteliConfiguration::recaptcha_public_key
     ENV['RECAPTCHA_PRIVATE_KEY'] = ::AlaveteliConfiguration::recaptcha_private_key
 
+    if RUBY_VERSION.to_f >= 1.9
+        config.middleware.insert 0, Rack::UTF8Sanitizer
+    end
+
     # Insert a bit of middleware code to prevent uneeded cookie setting.
     require "#{Rails.root}/lib/whatdotheyknow/strip_empty_sessions"
     config.middleware.insert_before ::ActionDispatch::Cookies, WhatDoTheyKnow::StripEmptySessions, :key => '_wdtk_cookie_session', :path => "/", :httponly => true
author	Louise Crow <louise.crow@gmail.com>	2014-10-31 15:16:05 +0000
committer	Louise Crow <louise.crow@gmail.com>	2014-11-18 17:45:50 +0000
commit	45f25290e2e4a1f33ec5d3df6ecfb40300318ece (patch)
tree	297ab4ab097bdce94908cf13c9ff44e243b5db1c /config/application.rb
parent	ab76e4a18904af104ab532cc273ba15d9bef6f75 (diff)