mirror of
https://github.com/discourse/discourse.git
synced 2024-11-27 03:10:46 -06:00
0d01c33482
All models are now using ActiveModel::ForbiddenAttributesProtection, which shifts the responsibility for parameter whitelisting for mass-assignments from the model to the controller. attr_accessible has been disabled and removed as this functionality replaces that. The require_parameters method in the ApplicationController has been removed in favor of strong_parameters' #require method. It is important to note that there is still some refactoring required to get all parameters to pass through #require and #permit so that we can guarantee that parameter values are scalar. Currently strong_parameters, in most cases, is only being utilized to require parameters and to whitelist the few places that do mass-assignments. |
||
|---|---|---|
| .. | ||
| admin_controller.rb | ||
| api_controller.rb | ||
| dashboard_controller.rb | ||
| email_controller.rb | ||
| export_controller.rb | ||
| flags_controller.rb | ||
| groups_controller.rb | ||
| impersonate_controller.rb | ||
| reports_controller.rb | ||
| site_content_types_controller.rb | ||
| site_contents_controller.rb | ||
| site_customizations_controller.rb | ||
| site_settings_controller.rb | ||
| users_controller.rb | ||
| versions_controller.rb | ||