From 35a0521c3c2e8cea397accb648f15f7e8b3cf8a8 Mon Sep 17 00:00:00 2001
From: Abe Voelker <abe@abevoelker.com>
Date: Fri, 9 Mar 2012 15:15:01 -0600
Subject: Fix 'Security#Mass Assignment' URL typo

---
 railties/guides/source/security.textile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'railties/guides/source/security.textile')

diff --git a/railties/guides/source/security.textile b/railties/guides/source/security.textile
index b1a09c0c05..747a4d6791 100644
--- a/railties/guides/source/security.textile
+++ b/railties/guides/source/security.textile
@@ -374,7 +374,7 @@ end
 Mass-assignment saves you much work, because you don't have to set each value individually. Simply pass a hash to the +new+ method, or +assign_attributes=+ a hash value, to set the model's attributes to the values in the hash. The problem is that it is often used in conjunction with the parameters (params) hash available in the controller, which may be manipulated by an attacker. He may do so by changing the URL like this:
 
 <pre>
-"name":http://www.example.com/user/signup?user[name]=ow3ned&user[admin]=1
+http://www.example.com/user/signup?user[name]=ow3ned&user[admin]=1
 </pre>
 
 This will set the following parameters in the controller:
-- 
cgit v1.2.3