From 813df1a3fb1a10703517e08a9e8221c336063b5d Mon Sep 17 00:00:00 2001
From: Joffrey JAFFEUX <j.jaffeux@gmail.com>
Date: Thu, 14 Dec 2017 11:25:58 +0100
Subject: [PATCH] FIX: not permitted theme params when importing theme

---
 app/controllers/admin/themes_controller.rb | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/app/controllers/admin/themes_controller.rb b/app/controllers/admin/themes_controller.rb
index aee9547006e..593e91a2f70 100644
--- a/app/controllers/admin/themes_controller.rb
+++ b/app/controllers/admin/themes_controller.rb
@@ -26,13 +26,13 @@ class Admin::ThemesController < Admin::AdminController
 
   def import
     @theme = nil
-    if params[:theme]
-      json = JSON::parse(params[:theme].read)
+    uploaded_theme = params.require(:theme)
+    if uploaded_theme
+      json = JSON::parse(uploaded_theme.read)
       theme = json['theme']
 
       @theme = Theme.new(name: theme["name"], user_id: current_user.id)
       theme["theme_fields"]&.each do |field|
-
         if field["raw_upload"]
           begin
             tmp = Tempfile.new