`params.permitted?` is false by default

In the docs: "+permit_all_parameters+ - If it's +true+, all the parameters will be permitted by default. The default is +false+."
author: Jon Moss <me@jonathanmoss.me> 2016-06-22 14:34:30 -0400
committer: Jon Moss <me@jonathanmoss.me> 2016-06-23 09:56:18 -0400
commit: 19eec522978348bcae8f733ee3dcdcffd5d4a2be (patch)
tree: 9e0737f769625f8261fa2b9de8521c0eb8587a1a /actionpack/lib/action_controller/metal/strong_parameters.rb
parent: abec128cb501023f1b2d0327139b5cb0b670b5f1 (diff)
download: rails-19eec522978348bcae8f733ee3dcdcffd5d4a2be.tar.gz
rails-19eec522978348bcae8f733ee3dcdcffd5d4a2be.tar.bz2
rails-19eec522978348bcae8f733ee3dcdcffd5d4a2be.zip
1 files changed, 2 insertions, 0 deletions
diff --git a/actionpack/lib/action_controller/metal/strong_parameters.rb b/actionpack/lib/action_controller/metal/strong_parameters.rb
index 6b53f90c14..b326695ce2 100644
--- a/actionpack/lib/action_controller/metal/strong_parameters.rb
+++ b/actionpack/lib/action_controller/metal/strong_parameters.rb
@@ -106,6 +106,8 @@ module ActionController
   #   params["key"] # => "value"
   class Parameters
     cattr_accessor :permit_all_parameters, instance_accessor: false
+    self.permit_all_parameters = false
+
     cattr_accessor :action_on_unpermitted_parameters, instance_accessor: false
 
     delegate :keys, :key?, :has_key?, :values, :has_value?, :value?, :empty?, :include?,
author	Jon Moss <me@jonathanmoss.me>	2016-06-22 14:34:30 -0400
committer	Jon Moss <me@jonathanmoss.me>	2016-06-23 09:56:18 -0400
commit	19eec522978348bcae8f733ee3dcdcffd5d4a2be (patch)
tree	9e0737f769625f8261fa2b9de8521c0eb8587a1a /actionpack/lib/action_controller/metal/strong_parameters.rb
parent	abec128cb501023f1b2d0327139b5cb0b670b5f1 (diff)
download	rails-19eec522978348bcae8f733ee3dcdcffd5d4a2be.tar.gz rails-19eec522978348bcae8f733ee3dcdcffd5d4a2be.tar.bz2 rails-19eec522978348bcae8f733ee3dcdcffd5d4a2be.zip