It should not mess with file uploads

lib/rack/sanitize.rb

@@ -23,6 +23,8 @@ def sanitize(value)
         value.map {|v| sanitize(v)}
       elsif value.is_a?(String)
         ::Sanitize.clean(value, @config)
+      else
+        value
       end
     end
 

spec/rack/sanitize_spec.rb

@@ -1,4 +1,4 @@
-require File.dirname(__FILE__) + '/../spec_helper'
+require File.expand_path(File.dirname(__FILE__) + '/../spec_helper')
 
 describe Rack::Sanitize do
   it "should sanitize GETs" do
@@ -70,4 +70,26 @@
   it "should default to sanitizing both GETs and POSTs" do
 
   end
+
+  describe "file uploads" do
+    before do
+      @fixtures_dir  = File.join(File.dirname(__FILE__), '..', 'fixtures')
+      @gnu_file      = File.join(@fixtures_dir, 'gnu.png')
+      @uploaded_file = File.join(@fixtures_dir, 'uploaded_file.png')
+    end
+
+    after do
+      if File.exists?(@uploaded_file)
+        FileUtils.rm(@uploaded_file)
+      end
+    end
+
+    it "should not mess with file uploads" do
+      file = Rack::Test::UploadedFile.new(@gnu_file, 'image/png')
+
+      post '/fileupload', {"file" => file}
+      File.exists?(@uploaded_file).should be_true
+      FileUtils.compare_file(@gnu_file, @uploaded_file).should be_true
+    end
+  end
 end

spec/spec_helper.rb

@@ -15,6 +15,11 @@ class PotentialVictim < Sinatra::Base
   post '/post' do
     "POSTs: #{Rack::Utils.unescape(request.POST.to_query)}"
   end
+
+  post '/fileupload' do
+    tempfile = params["file"][:tempfile]
+    FileUtils.copy_file(tempfile.path, File.join(File.dirname(__FILE__), 'fixtures', 'uploaded_file.png'))
+  end
 end
 
 Spec::Runner.configure do |config|