diff options
author | Guillermo Iguaran <guilleiguaran@gmail.com> | 2012-07-17 02:34:57 -0500 |
---|---|---|
committer | Guillermo Iguaran <guilleiguaran@gmail.com> | 2012-09-16 23:58:19 -0500 |
commit | 8020f71df120f80fd7db9ab568c8d0d6d1ad4e28 (patch) | |
tree | 5e6fa3226871f385f0a154d566ddaf0b713f49a4 /activerecord/lib/active_record/nested_attributes.rb | |
parent | f8c9a4d3e88181cee644f91e1342bfe896ca64c6 (diff) | |
download | rails-8020f71df120f80fd7db9ab568c8d0d6d1ad4e28.tar.gz rails-8020f71df120f80fd7db9ab568c8d0d6d1ad4e28.tar.bz2 rails-8020f71df120f80fd7db9ab568c8d0d6d1ad4e28.zip |
Remove mass assignment security from ActiveRecord
Diffstat (limited to 'activerecord/lib/active_record/nested_attributes.rb')
-rw-r--r-- | activerecord/lib/active_record/nested_attributes.rb | 16 |
1 files changed, 1 insertions, 15 deletions
diff --git a/activerecord/lib/active_record/nested_attributes.rb b/activerecord/lib/active_record/nested_attributes.rb index 3005dc042c..6d535e4ffa 100644 --- a/activerecord/lib/active_record/nested_attributes.rb +++ b/activerecord/lib/active_record/nested_attributes.rb @@ -194,18 +194,6 @@ module ActiveRecord # the parent model is saved. This happens inside the transaction initiated # by the parents save method. See ActiveRecord::AutosaveAssociation. # - # === Using with attr_accessible - # - # The use of <tt>attr_accessible</tt> can interfere with nested attributes - # if you're not careful. For example, if the <tt>Member</tt> model above - # was using <tt>attr_accessible</tt> like this: - # - # attr_accessible :name - # - # You would need to modify it to look like this: - # - # attr_accessible :name, :posts_attributes - # # === Validating the presence of a parent model # # If you want to validate that a child record is associated with a parent @@ -224,9 +212,7 @@ module ActiveRecord module ClassMethods REJECT_ALL_BLANK_PROC = proc { |attributes| attributes.all? { |key, value| key == '_destroy' || value.blank? } } - # Defines an attributes writer for the specified association(s). If you - # are using <tt>attr_protected</tt> or <tt>attr_accessible</tt>, then you - # will need to add the attribute writer to the allowed list. + # Defines an attributes writer for the specified association(s). # # Supported options: # [:allow_destroy] |