Strong parameters: Admin settings

Description

Brakeman says:
Admin::SettingsController
index
Unprotected mass assignment near line 6: AdminSetting.create(:last_updated_by => Admin.first)

Admin::SettingsController
update
Unprotected mass assignment near line 12: AdminSetting.create(:last_updated_by => Admin.first)

How to test:
This has 100% test coverage, but for manual testing:
1. Log in as admin at http://test.ao3.org/admin/login
2. Follow the "Settings" link in the admin navigation
3. Make sure you can update various admin settings, and that the "Last updated" at the bottom of the page at least kind of reflects reality (note that exists)

Assignee: Kamil Ogórek
Reporter: Sarken
Roadmap: Admin
Priority: Medium
Affects versions: 0.9.168
Components: BackEnd
Difficulty: Medium
Required Access Level: Admin
Milestone: Internal 0.9