Details

    • Type: Improvement
    • Status: Deployed
    • Priority: Medium
    • Resolution: DeployedToBeta
    • Affects Version/s: 0.9.174
    • Fix Version/s: 0.9.180
    • Milestone: Internal 0.9
    • Difficulty: Medium
    • Roadmap: Skins
    • Components: BackEnd

      Description

      Brakeman says:
      SkinsController
      create
      Mass Assignment
      Unprotected mass assignment near line 113: WorkSkin.new(params[:skin])

      SkinsController
      create
      Mass Assignment
      Unprotected mass assignment near line 115: Skin.new(params[:skin])

      SkinsController
      update
      Mass Assignment
      Unprotected mass assignment near line 140: Skin.find_by_id(params[:id]).update_attributes(params[:ski...

      Looking at the sorted list of models that the strong parameters gem recommends you generate, it might be a good idea to add forbidden attribute protection to the WorkSkin and SkinParent models at the same time.

      How to test:
      79% automated test coverage, but more on the way. To test manually, you'll want to make sure you can create and edit both a work skin and a site skin.
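
An added example, not code from this ticket or from the project: a plain-Ruby model of the pattern Brakeman flags in `SkinsController` and of the forbidden attribute protection suggested above. The `Params` and `Skin` stand-ins, the `skin_params` allowlist, the `protect:` switch and the `official` attribute are assumptions for illustration; the real change would use the strong parameters gem's own classes.

```ruby
# Plain-Ruby model of what strong parameters does; no Rails required.
class ForbiddenAttributesError < StandardError; end

# Stand-in for the controller's params object: a hash that records
# whether it has been passed through an allowlist.
class Params
  def initialize(hash, permitted = false)
    @hash = hash
    @permitted = permitted
  end

  def permitted?
    @permitted
  end

  # Keep only allowlisted keys and mark the result as safe to assign.
  def permit(*keys)
    allowed = keys.map(&:to_s)
    Params.new(@hash.select { |k, _| allowed.include?(k.to_s) }, true)
  end

  def to_h
    @hash.transform_keys(&:to_s)
  end
end

# Stand-in for a model that has forbidden attribute protection.
class Skin
  attr_reader :attributes

  def initialize(params, protect: true)
    raise ForbiddenAttributesError if protect && !params.permitted?
    @attributes = params.to_h
  end
end

# Constructed request body; "official" is a hypothetical privileged column.
REQUEST = { "title" => "Dark", "css" => "body { color: #eee; }", "official" => "1" }

# Hypothetical allowlist shared by the create and update actions.
def skin_params(raw)
  Params.new(raw).permit(:title, :css)
end

# The flagged pattern: every submitted key reaches the model.
def unprotected_create(raw)
  Skin.new(Params.new(raw), protect: false).attributes
end

# The protected pattern: only allowlisted keys reach the model.
def protected_create(raw)
  Skin.new(skin_params(raw)).attributes
end
```

With protection on, passing the raw params straight to `Skin.new` raises instead of silently assigning `official`, which is why adding the protection to the model surfaces any controller action that still skips the allowlist.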

            People

            • Assignee:
              donat Don Denoncourt (Inactive)
            • Reporter:
              sarken sarken
