From f2fa4837a8a888ee86997be892d0aa5bbd2b5fd0 Mon Sep 17 00:00:00 2001
From: lest <just.lest@gmail.com>
Date: Tue, 13 Dec 2011 10:14:38 +0300
Subject: commented whitelist mode enforcement for mass assignment

---
 .../lib/rails/generators/rails/app/templates/config/application.rb  | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'railties/lib/rails')

diff --git a/railties/lib/rails/generators/rails/app/templates/config/application.rb b/railties/lib/rails/generators/rails/app/templates/config/application.rb
index 40fd843b1b..c6dfa1f2dd 100644
--- a/railties/lib/rails/generators/rails/app/templates/config/application.rb
+++ b/railties/lib/rails/generators/rails/app/templates/config/application.rb
@@ -54,6 +54,12 @@ module <%= app_const_base %>
     # like if you have constraints or database-specific column types
     # config.active_record.schema_format = :sql
 
+    # Enforce whitelist mode for mass assignment.
+    # This will create an empty whitelist of attributes available for mass-assignment for all models
+    # in your app. As such, your models will need to explicitly whitelist or blacklist accessible
+    # parameters by using an attr_accessible or attr_protected declaration.
+    # config.active_record.whitelist_attributes = true
+
 <% unless options.skip_sprockets? -%>
     # Enable the asset pipeline
     config.assets.enabled = true
-- 
cgit v1.2.3