From 39a722600ca0c41125c434c3fadb1d799c22ec5d Mon Sep 17 00:00:00 2001
From: Matchu
Date: Sat, 29 Jul 2023 10:29:09 -0700
Subject: [PATCH] Use strong parameters for Donation
---
 app/controllers/donations_controller.rb | 8 +++++++-
 app/models/donation.rb | 2 --
 2 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/app/controllers/donations_controller.rb b/app/controllers/donations_controller.rb
index 438646ac..d12d4541 100644
--- a/app/controllers/donations_controller.rb
+++ b/app/controllers/donations_controller.rb
@@ -25,7 +25,7 @@ class DonationsController < ApplicationController
 def update
 @donation = Donation.from_param(params[:id])
- @donation.update_attributes params[:donation]
+ @donation.attributes = donation_params
 feature_params = params[:feature] || {}
 @features = @donation.features.find(feature_params.keys)
@@ -47,4 +47,10 @@ class DonationsController < ApplicationController
 redirect_to @donation
 end
 end
+
+ private
+
+ def donation_params
+ params.require(:donation).permit(:donor_name)
+ end
 end
diff --git a/app/models/donation.rb b/app/models/donation.rb
index 2c98c107..fee9de9a 100644
--- a/app/models/donation.rb
+++ b/app/models/donation.rb
@@ -1,8 +1,6 @@
 class Donation < ActiveRecord::Base
 FEATURE_COST = 500 # in cents = $5.00
- attr_accessible :donor_name
-
 belongs_to :campaign
 belongs_to :user
 has_many :features, class_name: 'DonationFeature'
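Review bot: In `update`, `@donation.attributes = donation_params` only assigns, whereas the removed `update_attributes` call also validated and saved, so the donor name is persisted only if a later `save` in this action covers `@donation`. The rest of `update` lies outside the hunk, so that save and the handling of a validation failure need to be confirmed there. If the save does happen further down, a short comment would make the intent explicit, e.g. `# Assign only; persisted together with the features below`. Separately, `params[:feature]` is still read unfiltered on the unchanged context lines; presumably it should get its own permit list if it is ever mass-assigned.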
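Review bot: `params.require(:donation)` in `donation_params` raises `ActionController::ParameterMissing` when the request carries no `donation` key, which the old `update_attributes params[:donation]` may have tolerated. A submission that edits only features would then be rejected with a 400, if such a form exists. If that case is valid, `params.fetch(:donation, {}).permit(:donor_name)` keeps the allowlist without the hard requirement. With `attr_accessible` removed from the model, this permit list is the only mass-assignment guard visible here for Donation, so a comment such as `# Only donor_name is user-editable; keep the campaign and user associations out of this list` would help future editors.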