Affects Version/s: 0.9.169
Fix Version/s: 0.9.182
Unprotected mass assignment near line 24: InviteRequest.new(params[:invite_request])
How to test:
We have 80% automated test coverage on /app/controllers/invite_requests_controller.rb (not to be confused with USER invite requests). This is for the create action, so we want to make sure we can request an invite.
1. Log out
2. Follow "Get Invited" on the homepage
3. Fill in the "Email" field for "Add yourself to the list"
4. Press "Add me to the list"
It should work! And if you leave the email address field blank, you should get an error message like:
Sorry! We couldn't save this invite request because:
Email can't be blank
Email does not seem to be a valid address.