We’re using Paperclip for file uploads and recent edge Rails rendered our user profile forms unusable.
File uploads don’t break our application when there was an actual file upload; what breaks Paperclip is the case when nothing was selected in the file input. The form is still sent with multipart encoding and parsed by Rack, which creates a Tempfile regardless of whether some data was received or not.
The result of Rack processing a single file field is a hash with these keys: {:filename, :type, :name, :tempfile, :head}.
Rails further processes this in ActionController::UrlEncodedPairParser.get_typed_value. When it sees the above formatted hash, it replaces it with the Tempfile object it references and applies other metadata, like filename, as properties of this object.
In short, when a “user[avatar]” file field was sent empty, older Rails version would receive nothing:
In my workaround I detect there was no file if the filename property is blank. Are there cases a valid file could be uploaded without an original filename? Is a better check to see if the size of Tempfile is 0, also?
I would like to ask someone to create a failing tests for this. I didn’t figure out how to simulate a browser submitting an empty form field – I don’t even know what it sends. An empty byte stream with Content-Type: application/octet-stream; Content-Transfer-Encoding: binary? I tried, but ordinary String comes through instead of Tempfile.
I don't think Rack's multipart parser should be creating empty tempfiles.