Re-do Getting Started application with Rails 4.

The sample application with the Getting Started Guide was very out of
date. I've re-done it on edge (as of 51b9def5bf108fb566e) so it should
be good to go with Rails 4. It's also in synch with what the guide
actually says.

4 files changed, 23 insertions, 21 deletions

diff --git a/guides/code/getting_started/app/controllers/application_controller.rb b/guides/code/getting_started/app/controllers/application_controller.rb
index e8065d9505..d83690e1b9 100644
--- a/guides/code/getting_started/app/controllers/application_controller.rb
+++ b/guides/code/getting_started/app/controllers/application_controller.rb
@@ -1,3 +1,5 @@
 class ApplicationController < ActionController::Base
-  protect_from_forgery
+  # Prevent CSRF attacks by raising an exception.
+  # For APIs, you may want to use :null_session instead.
+  protect_from_forgery with: :exception
 end
diff --git a/guides/code/getting_started/app/controllers/comments_controller.rb b/guides/code/getting_started/app/controllers/comments_controller.rb
index cf3d1be42e..0082e9c8ec 100644
--- a/guides/code/getting_started/app/controllers/comments_controller.rb
+++ b/guides/code/getting_started/app/controllers/comments_controller.rb
@@ -1,9 +1,10 @@
 class CommentsController < ApplicationController
-	http_basic_authenticate_with :name => "dhh", :password => "secret", :only => :destroy
 
+  http_basic_authenticate_with name: "dhh", password: "secret", only: :destroy
+  
   def create
     @post = Post.find(params[:post_id])
-    @comment = @post.comments.create(params[:comment])
+    @comment = @post.comments.create(params[:comment].permit(:commenter, :body))
     redirect_to post_path(@post)
   end
 
@@ -13,5 +14,4 @@ class CommentsController < ApplicationController
     @comment.destroy
     redirect_to post_path(@post)
   end
-
 end
diff --git a/guides/code/getting_started/app/controllers/concerns/.keep b/guides/code/getting_started/app/controllers/concerns/.keep
new file mode 100644
index 0000000000..e69de29bb2
--- /dev/null
+++ b/guides/code/getting_started/app/controllers/concerns/.keep
diff --git a/guides/code/getting_started/app/controllers/posts_controller.rb b/guides/code/getting_started/app/controllers/posts_controller.rb
index b74c66ef13..0398395200 100644
--- a/guides/code/getting_started/app/controllers/posts_controller.rb
+++ b/guides/code/getting_started/app/controllers/posts_controller.rb
@@ -1,7 +1,7 @@
 class PostsController < ApplicationController
 
-  http_basic_authenticate_with :name => "dhh", :password => "secret", :except => [:index, :show]
-
+  http_basic_authenticate_with name: "dhh", password: "secret", except: [:index, :show]
+  
   def index
     @posts = Post.all
   end
@@ -10,31 +10,31 @@ class PostsController < ApplicationController
     @post = Post.find(params[:id])
   end
 
-  def new
-    @post = Post.new
+  def edit
+    @post = Post.find(params[:id])
   end
 
-  def create
-    @post = Post.new(params[:post])
+  def update
+    @post = Post.find(params[:id])
 
-    if @post.save
-      redirect_to :action => :show, :id => @post.id
+    if @post.update(params[:post].permit(:title, :text))
+      redirect_to action: :show, id: @post.id
     else
-      render 'new'
+      render 'edit'
     end
   end
 
-  def edit
-    @post = Post.find(params[:id])
+  def new
+    @post = Post.new
   end
 
-  def update
-    @post = Post.find(params[:id])
+  def create
+    @post = Post.new(params[:post].permit(:title, :text))
 
-    if @post.update(params[:post])
-      redirect_to :action => :show, :id => @post.id
+    if @post.save
+      redirect_to action: :show, id: @post.id
     else
-      render 'edit'
+      render 'new'
     end
   end
 
@@ -42,6 +42,6 @@ class PostsController < ApplicationController
     @post = Post.find(params[:id])
     @post.destroy
 
-    redirect_to :action => :index
+    redirect_to action: :index
   end
 end