author: Abe Voelker <abe@abevoelker.com> 2012-03-09 15:15:01 -0600
committer: Abe Voelker <abe@abevoelker.com> 2012-03-09 15:15:01 -0600
commit: 35a0521c3c2e8cea397accb648f15f7e8b3cf8a8
tree: f188d351d99b70fe453b6670bd3d4817f6c2249e /railties/guides/source/security.textile
parent: 2562404624bc7d314d05842f4e238aa145b5c78f
Fix 'Security#Mass Assignment' URL typo
Diffstat (limited to 'railties/guides/source/security.textile')
-rw-r--r-- railties/guides/source/security.textile 2
1 files changed, 1 insertions, 1 deletions
diff --git a/railties/guides/source/security.textile b/railties/guides/source/security.textile
index b1a09c0c05..747a4d6791 100644
--- a/railties/guides/source/security.textile
+++ b/railties/guides/source/security.textile
@@ -374,7 +374,7 @@ end
Mass-assignment saves you much work, because you don't have to set each value individually. Simply pass a hash to the +new+ method, or +assign_attributes=+ a hash value, to set the model's attributes to the values in the hash. The problem is that it is often used in conjunction with the parameters (params) hash available in the controller, which may be manipulated by an attacker. He may do so by changing the URL like this:
<pre>
-"name":http://www.example.com/user/signup?user[name]=ow3ned&user[admin]=1
+http://www.example.com/user/signup?user[name]=ow3ned&user[admin]=1
</pre>
This will set the following parameters in the controller:
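Review bot: The context paragraph directly above the changed `<pre>` block still says `+assign_attributes=+`, which looks like a blend of `attributes=` and `assign_attributes`; since this commit already touches the Mass Assignment passage, that method name is worth correcting in the same change so readers are pointed at a call that exists. On the changed line itself, dropping the `"name":` prefix is the right fix for a URL shown inside `<pre>`, but the subject line calls it a "URL typo" when the URL text is unchanged and only the link markup in front of it was removed; wording the subject as removal of stray Textile link markup would make the log match the diff. It would also be worth checking the other `<pre>` examples in this guide for the same `"name":` pattern.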