fix permitted? conditional for `render` calls

actionpack/lib/abstract_controller/rendering.rb

@@ -77,9 +77,12 @@ module AbstractController
     # render "foo/bar" to render :file => "foo/bar".
     # :api: plugin
     def _normalize_args(action=nil, options={})
-      if action.respond_to?(:permitted?) && action.permitted?
-        raise ArgumentError, "render parameters are not permitted"
-        action
+      if action.respond_to?(:permitted?)
+        if action.permitted?
+          action
+        else
+          raise ArgumentError, "render parameters are not permitted"
+        end
       elsif action.is_a?(Hash)
         action
       else

actionpack/test/controller/render_test.rb

@@ -56,6 +56,10 @@ class TestController < ActionController::Base
     render params[:id] # => String, AC:Params
   end
 
+  def dynamic_render_permit
+    render params[:id].permit(:file)
+  end
+
   def dynamic_render_with_file
     # This is extremely bad, but should be possible to do.
     file = params[:id] # => String, AC:Params
@@ -303,6 +307,13 @@ class ExpiresInRenderTest < ActionController::TestCase
     end
   end
 
+  def test_permitted_dynamic_render_file_hash
+    assert File.exist?(File.join(File.dirname(__FILE__), '../../test/abstract_unit.rb'))
+    response = get :dynamic_render_permit, { id: { file: '../\\../test/abstract_unit.rb' } }
+    assert_equal File.read(File.join(File.dirname(__FILE__), '../../test/abstract_unit.rb')),
+      response.body
+  end
+
   def test_dynamic_render_file_hash
     e = assert_raises ArgumentError do
       get :dynamic_render, { id: { file: '../\\../test/abstract_unit.rb' } }