aboutsummaryrefslogtreecommitdiffstats
path: root/activemodel/lib/active_model/forbidden_attributes_protection.rb
Commit message (Collapse)AuthorAgeFilesLines
* Fix AC::Parameters not being sanitized for query methods.Guo Xiang Tan2015-10-021-2/+3
|
* Check attributes passed to create_with and whereRafael Mendonça França2014-08-181-0/+1
| | | | | | | | | | | If the request parameters are passed to create_with and where they can be used to do mass assignment when used in combination with Relation#create. Fixes CVE-2014-3514 Conflicts: activerecord/lib/active_record/relation/query_methods.rb
* rm dead codeAaron Patterson2012-11-091-1/+1
|
* change AMo::ForbiddenAttributesProtection#sanitize_for_mass_assignment to ↵Francesco Rodriguez2012-09-201-7/+8
| | | | protected
* update AMo::ForbiddenAttributesError documentation [ci skip]Francesco Rodriguez2012-09-201-0/+12
|
* Rename ForbiddenAttributes exception to ForbiddenAttributesErrorGuillermo Iguaran2012-09-161-2/+2
|
* Remove MassAssignmentSecurity from ActiveModelGuillermo Iguaran2012-09-161-4/+4
| | | | This will be moved out to protected_attributes gem
* Integrate ActiveModel::ForbiddenAttributesProtection from StrongParameters gemGuillermo Iguaran2012-09-161-0/+14