From ed7567ca7aa4ea3f29236229f4c1d366550a0c5c Mon Sep 17 00:00:00 2001
From: Abe Voelker <abe@abevoelker.com>
Date: Fri, 9 Mar 2012 15:15:01 -0600
Subject: Fix 'Security#Mass Assignment' URL typo

---
 railties/guides/source/security.textile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'railties')

diff --git a/railties/guides/source/security.textile b/railties/guides/source/security.textile
index c2ef7bf9b5..3f2d307792 100644
--- a/railties/guides/source/security.textile
+++ b/railties/guides/source/security.textile
@@ -374,7 +374,7 @@ end
 Mass-assignment saves you much work, because you don't have to set each value individually. Simply pass a hash to the +new+ method, or +assign_attributes=+ a hash value, to set the model's attributes to the values in the hash. The problem is that it is often used in conjunction with the parameters (params) hash available in the controller, which may be manipulated by an attacker. He may do so by changing the URL like this:
 
 <pre>
-"name":http://www.example.com/user/signup?user[name]=ow3ned&user[admin]=1
+http://www.example.com/user/signup?user[name]=ow3ned&user[admin]=1
 </pre>
 
 This will set the following parameters in the controller:
-- 
cgit v1.2.3