From 41528f5d1157fa615453dcca2735d59677aaf1f1 Mon Sep 17 00:00:00 2001
From: Ian Christian Myers <ian@iancmyers.com>
Date: Wed, 5 Jun 2013 00:55:55 -0700
Subject: [PATCH] Implemented strong_parameters for Upload/UploadsController.

The topic_id param is now required using strong_parameters' #require method. If the parameter is missing ActionController::ParameterMissing will be raised instead of Discourse::InvalidParameters.
---
 app/controllers/uploads_controller.rb | 2 +-
 app/models/upload.rb | 2 ++
 spec/controllers/uploads_controller_spec.rb | 2 +-
 3 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/app/controllers/uploads_controller.rb b/app/controllers/uploads_controller.rb
index c46dde316..db82d1eed 100644
--- a/app/controllers/uploads_controller.rb
+++ b/app/controllers/uploads_controller.rb
@@ -2,7 +2,7 @@ class UploadsController < ApplicationController
 before_filter :ensure_logged_in
 def create
- requires_parameter(:topic_id)
+ params.require(:topic_id)
 file = params[:file] || params[:files].first
 # only supports images for now
diff --git a/app/models/upload.rb b/app/models/upload.rb
index de7226a53..f47d0a28e 100644
--- a/app/models/upload.rb
+++ b/app/models/upload.rb
@@ -5,6 +5,8 @@ require 's3'
 require 'local_store'
 class Upload < ActiveRecord::Base
+ include ActiveModel::ForbiddenAttributesProtection
+
 belongs_to :user
 belongs_to :topic
diff --git a/spec/controllers/uploads_controller_spec.rb b/spec/controllers/uploads_controller_spec.rb
index d3a971ff5..bbbef2914 100644
--- a/spec/controllers/uploads_controller_spec.rb
+++ b/spec/controllers/uploads_controller_spec.rb
@@ -16,7 +16,7 @@ describe UploadsController do
 context 'missing params' do
 it 'raises an error without the topic_id param' do
- -> { xhr :post, :create }.should raise_error(Discourse::InvalidParameters)
+ -> { xhr :post, :create }.should raise_error(ActionController::ParameterMissing)
 end
 end
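Review bot: In app/controllers/uploads_controller.rb, `params.require(:topic_id)` in `create` only asserts that the key is present and non-blank, and its return value is thrown away. Nothing visible in this hunk constrains the value to a scalar id or checks that the logged-in user may attach a file to that topic; if the rest of `create` (which continues outside the hunk) reads `params[:topic_id]` again, I would capture it once, `topic_id = params.require(:topic_id)`, and run the topic lookup and permission check against that local. The unchanged next line still calls `.first` on `params[:files]`, so a request that carries `topic_id` but no file presumably fails with NoMethodError rather than ParameterMissing; `file = params[:file] || Array(params[:files]).first` followed by a presence check would keep the two missing-parameter cases consistent.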
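Review bot: The `include ActiveModel::ForbiddenAttributesProtection` line in app/models/upload.rb has no comment saying what it changes for callers, and the protection is narrower than the name suggests. It rejects mass assignment only when the attributes object responds to `permitted?` and has not been permitted; a plain Hash built from request data is still assigned without any check. I would add above the include `# Mass assignment from request params raises unless they were whitelisted with #permit; plain hashes are not checked.` The class body continues outside the hunk, so whether an `attr_accessible` list is still declared there (and therefore layered with this module) should be confirmed.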
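Review bot: The updated example in spec/controllers/uploads_controller_spec.rb pins only the exception class for an absent `topic_id`, not what the client receives. `require` also rejects a blank value, so a second example such as `-> { xhr :post, :create, topic_id: '' }.should raise_error(ActionController::ParameterMissing)` would cover the empty-string case. If a `rescue_from` handler for this exception is, or later becomes, active, the request would presumably return a 400 instead of raising, and asserting the response status would be the more durable check. The enclosing `describe` block continues outside the hunk.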