author | Stan Hu <stanhu@gmail.com> | 2019-01-04 23:59:17 -0800 |
---|---|---|
committer | Stan Hu <stanhu@gmail.com> | 2019-01-05 01:56:47 -0800 |
commit | 7d28e39f58e53919379eed81b4385c5f335fe37f (patch) | |
tree | 368bb9e71dd6bc4d22e9f2823845151ece25e7b3 /lib/gitlab/middleware | |
parent | d432d674148601555c4ba693bb7c282ac9fe3d4a (diff) | |
download | gitlab-ce-7d28e39f58e53919379eed81b4385c5f335fe37f.tar.gz |
Fix multipart attachments not uploading
sh-fix-multipart-uploads-failure

Mixing and matching the use of Rack::Request and ActionDispatch::Request
in Rails 5 is bad, particularly if you have middleware that
manipulates or accesses environment variables.

`Gitlab::Middleware::Multipart` attempts to rewrite request parameters
to the proper values (e.g. replacing `data_file` with
`UploadedFile`). It does this by calling `Rack::Request#update_params`,
which essentially updates `env['rack.request.form_hash']`.

By changing to `ActionDispatch::Request`, the Go middleware was causing
the request parameters to be stored inside
`env['action_dispatch.request.request_parameters']`. Later calls to
`Rack::Request#update_params` would not have any effect because it would
attempt to update `env['rack.request.form_hash']` instead of
`env['action_dispatch.request.request_parameters']`. As a result, the
controller still saw the old parameters.

Since the Go middleware appears to be using `ActionDispatch::Request`
for authorization methods, we can switch the multipart middleware to
use it too.

Closes https://gitlab.com/gitlab-org/gitlab-ee/issues/9035

Diffstat (limited to 'lib/gitlab/middleware')
-rw-r--r-- | lib/gitlab/middleware/multipart.rb | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/gitlab/middleware/multipart.rb b/lib/gitlab/middleware/multipart.rb index 84c2f0d5720..433151b80e7 100644 --- a/lib/gitlab/middleware/multipart.rb +++ b/lib/gitlab/middleware/multipart.rb @@ -32,7 +32,7 @@ module Gitlab class Handler def initialize(env, message) - @request = Rack::Request.new(env) + @request = ActionDispatch::Request.new(env) @rewritten_fields = message['rewritten_fields'] @open_files = [] end |
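Review bot: In `Handler#initialize`, the new `ActionDispatch::Request.new(env)` line carries no comment saying why the request class matters, so a later cleanup could switch it back to `Rack::Request` and silently reintroduce the failure. Add a short comment on that line noting that the parameter rewrite has to go through the same request class the earlier middleware used, so that it updates the env key the controller actually reads. The diffstat shown is limited to lib/gitlab/middleware, so it is not visible here whether a regression spec accompanies the change; if none does, one that asserts the controller sees the rewritten field (an `UploadedFile` rather than the original value) after the parameters have already been parsed through `ActionDispatch::Request` would lock the fix in.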