2 files changed, 15 insertions, 3 deletions

diff --git a/guides/code/getting_started/app/controllers/comments_controller.rb b/guides/code/getting_started/app/controllers/comments_controller.rb
index 0e3d2a6dde..b2d9bcdf7f 100644
--- a/guides/code/getting_started/app/controllers/comments_controller.rb
+++ b/guides/code/getting_started/app/controllers/comments_controller.rb
@@ -4,7 +4,7 @@ class CommentsController < ApplicationController
 
   def create
     @post = Post.find(params[:post_id])
-    @comment = @post.comments.create(params[:comment].permit(:commenter, :body))
+    @comment = @post.comments.create(comment_params)
     redirect_to post_path(@post)
   end
 
@@ -14,4 +14,10 @@ class CommentsController < ApplicationController
     @comment.destroy
     redirect_to post_path(@post)
   end
+
+  private
+
+    def comment_params
+      params.require(:comment).permit(:commenter, :body)
+    end
 end
diff --git a/guides/code/getting_started/app/controllers/posts_controller.rb b/guides/code/getting_started/app/controllers/posts_controller.rb
index 6aa1409170..02689ad67b 100644
--- a/guides/code/getting_started/app/controllers/posts_controller.rb
+++ b/guides/code/getting_started/app/controllers/posts_controller.rb
@@ -17,7 +17,7 @@ class PostsController < ApplicationController
   def update
     @post = Post.find(params[:id])
 
-    if @post.update(params[:post].permit(:title, :text))
+    if @post.update(post_params)
       redirect_to action: :show, id: @post.id
     else
       render 'edit'
@@ -29,7 +29,7 @@ class PostsController < ApplicationController
   end
 
   def create
-    @post = Post.new(params[:post].permit(:title, :text))
+    @post = Post.new(post_params)
 
     if @post.save
       redirect_to action: :show, id: @post.id
@@ -44,4 +44,10 @@ class PostsController < ApplicationController
 
     redirect_to action: :index
   end
+
+  private
+
+    def post_params
+      params.require(:post).permit(:title, :text)
+    end
 end