diff --git a/app/controllers/uploads_controller.rb b/app/controllers/uploads_controller.rb
index c46dde316..db82d1eed 100644
--- a/app/controllers/uploads_controller.rb
+++ b/app/controllers/uploads_controller.rb
@@ -2,7 +2,7 @@ class UploadsController < ApplicationController
   before_filter :ensure_logged_in
 
   def create
-    requires_parameter(:topic_id)
+    params.require(:topic_id)
     file = params[:file] || params[:files].first
     
     # only supports images for now
diff --git a/app/models/upload.rb b/app/models/upload.rb
index de7226a53..f47d0a28e 100644
--- a/app/models/upload.rb
+++ b/app/models/upload.rb
@@ -5,6 +5,8 @@ require 's3'
 require 'local_store'
 
 class Upload < ActiveRecord::Base
+  include ActiveModel::ForbiddenAttributesProtection
+
   belongs_to :user
   belongs_to :topic
 
diff --git a/spec/controllers/uploads_controller_spec.rb b/spec/controllers/uploads_controller_spec.rb
index d3a971ff5..bbbef2914 100644
--- a/spec/controllers/uploads_controller_spec.rb
+++ b/spec/controllers/uploads_controller_spec.rb
@@ -16,7 +16,7 @@ describe UploadsController do
 
       context 'missing params' do
         it 'raises an error without the topic_id param' do
-          -> { xhr :post, :create }.should raise_error(Discourse::InvalidParameters)
+          -> { xhr :post, :create }.should raise_error(ActionController::ParameterMissing)
         end
       end