diff options
Diffstat (limited to 'lib/uploaded_file.rb')
| -rw-r--r-- | lib/uploaded_file.rb | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/lib/uploaded_file.rb b/lib/uploaded_file.rb index 73029c934f4..9c06daa6c5a 100644 --- a/lib/uploaded_file.rb +++ b/lib/uploaded_file.rb @@ -52,8 +52,7 @@ class UploadedFile elsif path.present? file_path = File.realpath(path) - paths = Array(upload_paths) << Dir.tmpdir - unless self.allowed_path?(file_path, paths.compact) + unless self.allowed_path?(file_path, Array(upload_paths).compact) raise InvalidPathError, "insecure path used '#{file_path}'" end end |