From 6ca685339225e4c1dc37c487309a3ed352199ccd Mon Sep 17 00:00:00 2001
From: Sam
Date: Mon, 16 Sep 2013 12:58:26 +1000
Subject: [PATCH] disable XML params, they are just used by malicious bots to determine if we have XML vuls.
---
 config/application.rb | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/config/application.rb b/config/application.rb
index 0591b1c5e7..6928a18e06 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -129,5 +129,11 @@ module Discourse
 config.after_initialize do
 OpenID::Util.logger = Rails.logger
 end
+
+ # This is not really required per-se, but we do not want to support
+ # XML params, we see errors in our logs about malformed XML and there
+ # absolutly no spot in our app were we use XML as opposed to JSON endpoints
+ ActionDispatch::ParamsParser::DEFAULT_PARSERS.delete(Mime::XML)
+
 end
 end
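Review bot: The added `ActionDispatch::ParamsParser::DEFAULT_PARSERS.delete(Mime::XML)` mutates a framework-internal constant, and `Hash#delete` returns nil without complaint when the key is absent, so a Rails upgrade that renames or restructures the parser table would silently undo this hardening. Nothing in the patch pins the behaviour; a request spec that posts a body with `Content-Type: application/xml` and asserts that no params are parsed from it would catch that regression. The comment above the line also describes the change as "not really required", while the commit subject gives probing by bots as the reason. I would state the intent directly, e.g. `# Security hardening: no endpoint accepts XML, so the XML params parser is removed to reduce attack surface; do not re-enable without review`. The enclosing module and class bodies start outside the hunk, so whether this runs before the middleware stack is built is inferred rather than visible here.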