From 3d08614826e18e005818c7685b9bc4cdc28f77af Mon Sep 17 00:00:00 2001
From: David Heinemeier Hansson <david@loudthinking.com>
Date: Sat, 5 Jan 2013 18:03:24 +0100
Subject: No need to give an example where there is generated code right there
 to serve as the example

---
 .../generators/rails/scaffold_controller/templates/controller.rb    | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

(limited to 'railties')

diff --git a/railties/lib/rails/generators/rails/scaffold_controller/templates/controller.rb b/railties/lib/rails/generators/rails/scaffold_controller/templates/controller.rb
index 2512ce0af1..e11d357314 100644
--- a/railties/lib/rails/generators/rails/scaffold_controller/templates/controller.rb
+++ b/railties/lib/rails/generators/rails/scaffold_controller/templates/controller.rb
@@ -104,11 +104,7 @@ class <%= controller_class_name %>Controller < ApplicationController
       @<%= singular_table_name %> = <%= orm_class.find(class_name, "params[:id]") %>
     end
 
-    # Use this method to whitelist the permissible parameters. Example:
-    #   params.require(:person).permit(:name, :age)
-    #
-    # Also, you can specialize this method with per-user checking of permissible
-    # attributes.
+    # Never trust parameters from the scary internet, only allow the white list through.
     def <%= "#{singular_table_name}_params" %>
       <%- if attributes_names.empty? -%>
       params[<%= ":#{singular_table_name}" %>]
-- 
cgit v1.2.3