From 06a3a8a458e70c1b6531ac53c57a302b162fd736 Mon Sep 17 00:00:00 2001
From: Michael Koziarski <michael@koziarski.com>
Date: Mon, 5 Mar 2012 11:12:01 +1300
Subject: Whitelist all attribute assignment by default.

Change the default for newly generated applications to whitelist all attribute assignment.  Also update the generated model classes so users are reminded of the importance of attr_accessible.
---
 railties/lib/rails/generators/rails/app/templates/config/application.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'railties/lib')

diff --git a/railties/lib/rails/generators/rails/app/templates/config/application.rb b/railties/lib/rails/generators/rails/app/templates/config/application.rb
index c6dfa1f2dd..41e2d5dcc5 100644
--- a/railties/lib/rails/generators/rails/app/templates/config/application.rb
+++ b/railties/lib/rails/generators/rails/app/templates/config/application.rb
@@ -58,7 +58,7 @@ module <%= app_const_base %>
     # This will create an empty whitelist of attributes available for mass-assignment for all models
     # in your app. As such, your models will need to explicitly whitelist or blacklist accessible
     # parameters by using an attr_accessible or attr_protected declaration.
-    # config.active_record.whitelist_attributes = true
+    config.active_record.whitelist_attributes = true
 
 <% unless options.skip_sprockets? -%>
     # Enable the asset pipeline
-- 
cgit v1.2.3