Use strong parameters for Donation

app/controllers/donations_controller.rb

@@ -25,7 +25,7 @@ class DonationsController < ApplicationController
 
   def update
     @donation = Donation.from_param(params[:id])
-    @donation.update_attributes params[:donation]
+    @donation.attributes = donation_params
 
     feature_params = params[:feature] || {}
     @features = @donation.features.find(feature_params.keys)
@@ -47,4 +47,10 @@ class DonationsController < ApplicationController
       redirect_to @donation
     end
   end
+
+  private
+
+  def donation_params
+    params.require(:donation).permit(:donor_name)
+  end
 end

app/models/donation.rb

@@ -1,8 +1,6 @@
 class Donation < ActiveRecord::Base
   FEATURE_COST = 500  # in cents = $5.00
 
-  attr_accessible :donor_name
-
   belongs_to :campaign
   belongs_to :user
   has_many :features, class_name: 'DonationFeature'