Merge branch 'release/0.11'0.11.0.3

1 files changed, 0 insertions, 51 deletions

diff --git a/config/initializers/strip_nil_parameters_patch.rb b/config/initializers/strip_nil_parameters_patch.rb
deleted file mode 100644
index 35d0a28c5..000000000
--- a/config/initializers/strip_nil_parameters_patch.rb
+++ /dev/null
@@ -1,51 +0,0 @@
-# Stolen from https://raw.github.com/mysociety/fixmytransport/fa9b014eb2628c300693e055f129cb8959772082/config/initializers/strip_nil_parameters_patch.rb
-
-# Monkey patch for CVE-2012-2660 on Rails 2.3.14
-
-# Strip [nil] from parameters hash
-# based on a pull request from @sebbacon
-# https://github.com/rails/rails/pull/6580
-
-module ActionController
-  class Request < Rack::Request
-    protected
-      def deep_munge(hash)
-        hash.each_value do |v|
-          case v
-          when Array
-            v.grep(Hash) { |x| deep_munge(x) }
-          when Hash
-            deep_munge(v)
-          end
-        end
-
-        keys = hash.keys.find_all { |k| hash[k] == [nil] }
-        keys.each { |k| hash[k] = nil }
-        hash
-      end
-
-    private
-
-      def normalize_parameters(value)
-        case value
-        when Hash
-          if value.has_key?(:tempfile)
-            upload = value[:tempfile]
-            upload.extend(UploadedFile)
-            upload.original_path = value[:filename]
-            upload.content_type = value[:type]
-            upload
-          else
-            h = {}
-            value.each { |k, v| h[k] = normalize_parameters(v) }
-            deep_munge(h.with_indifferent_access)
-          end
-        when Array
-          value.map { |e| normalize_parameters(e) }
-        else
-          value
-        end
-      end
-
-  end
-end