diff options
Diffstat (limited to 'config/initializers/strip_nil_parameters_patch.rb')
| -rw-r--r-- | config/initializers/strip_nil_parameters_patch.rb | 51 |
1 files changed, 0 insertions, 51 deletions
diff --git a/config/initializers/strip_nil_parameters_patch.rb b/config/initializers/strip_nil_parameters_patch.rb deleted file mode 100644 index 35d0a28c5..000000000 --- a/config/initializers/strip_nil_parameters_patch.rb +++ /dev/null @@ -1,51 +0,0 @@ -# Stolen from https://raw.github.com/mysociety/fixmytransport/fa9b014eb2628c300693e055f129cb8959772082/config/initializers/strip_nil_parameters_patch.rb - -# Monkey patch for CVE-2012-2660 on Rails 2.3.14 - -# Strip [nil] from parameters hash -# based on a pull request from @sebbacon -# https://github.com/rails/rails/pull/6580 - -module ActionController - class Request < Rack::Request - protected - def deep_munge(hash) - hash.each_value do |v| - case v - when Array - v.grep(Hash) { |x| deep_munge(x) } - when Hash - deep_munge(v) - end - end - - keys = hash.keys.find_all { |k| hash[k] == [nil] } - keys.each { |k| hash[k] = nil } - hash - end - - private - - def normalize_parameters(value) - case value - when Hash - if value.has_key?(:tempfile) - upload = value[:tempfile] - upload.extend(UploadedFile) - upload.original_path = value[:filename] - upload.content_type = value[:type] - upload - else - h = {} - value.each { |k, v| h[k] = normalize_parameters(v) } - deep_munge(h.with_indifferent_access) - end - when Array - value.map { |e| normalize_parameters(e) } - else - value - end - end - - end -end |