Implemented strong_parameters for Upload/UploadsController.

The topic_id param is now required using strong_parameters' #require method. If the parameter is missing ActionController::ParameterMissing will be raised instead of Discourse::InvalidParameters.

app/controllers/uploads_controller.rb

@@ -2,7 +2,7 @@ class UploadsController < ApplicationController
   before_filter :ensure_logged_in
 
   def create
-    requires_parameter(:topic_id)
+    params.require(:topic_id)
     file = params[:file] || params[:files].first
     
     # only supports images for now

app/models/upload.rb

@@ -5,6 +5,8 @@ require 's3'
 require 'local_store'
 
 class Upload < ActiveRecord::Base
+  include ActiveModel::ForbiddenAttributesProtection
+
   belongs_to :user
   belongs_to :topic
 

spec/controllers/uploads_controller_spec.rb

@@ -16,7 +16,7 @@ describe UploadsController do
 
       context 'missing params' do
         it 'raises an error without the topic_id param' do
-          -> { xhr :post, :create }.should raise_error(Discourse::InvalidParameters)
+          -> { xhr :post, :create }.should raise_error(ActionController::ParameterMissing)
         end
       end