aboutsummaryrefslogtreecommitdiffstats
path: root/activemodel/lib/active_model/forbidden_attributes_protection.rb
Commit message (Collapse)AuthorAgeFilesLines
* Revert "Merge pull request #29540 from kirs/rubocop-frozen-string"Matthew Draper2017-07-021-1/+0
| | | | | This reverts commit 3420a14590c0e6915d8b6c242887f74adb4120f9, reversing changes made to afb66a5a598ce4ac74ad84b125a5abf046dcf5aa.
* Enforce frozen string in RubocopKir Shatrov2017-07-011-0/+1
|
* Privatize unneededly protected methods in Active ModelAkira Matsuda2016-12-241-1/+1
|
* Fix AC::Parameters not being sanitized for query methods.Guo Xiang Tan2015-10-021-2/+3
|
* Check attributes passed to create_with and whereRafael Mendonça França2014-08-181-0/+1
| | | | | | | | | | | If the request parameters are passed to create_with and where they can be used to do mass assignment when used in combination with Relation#create. Fixes CVE-2014-3514 Conflicts: activerecord/lib/active_record/relation/query_methods.rb
* rm dead codeAaron Patterson2012-11-091-1/+1
|
* change AMo::ForbiddenAttributesProtection#sanitize_for_mass_assignment to ↵Francesco Rodriguez2012-09-201-7/+8
| | | | protected
* update AMo::ForbiddenAttributesError documentation [ci skip]Francesco Rodriguez2012-09-201-0/+12
|
* Rename ForbiddenAttributes exception to ForbiddenAttributesErrorGuillermo Iguaran2012-09-161-2/+2
|
* Remove MassAssignmentSecurity from ActiveModelGuillermo Iguaran2012-09-161-4/+4
| | | | This will be moved out to protected_attributes gem
* Integrate ActiveModel::ForbiddenAttributesProtection from StrongParameters gemGuillermo Iguaran2012-09-161-0/+14