From cdbf2d7d92adb8bb688a9ef5afaaf7e5d9f35f3b Mon Sep 17 00:00:00 2001
From: cktricky
Date: Tue, 18 Aug 2015 20:23:35 -0400
Subject: [PATCH] mass assignment vulnerability, how it manifests in Rails 4
---
 app/controllers/users_controller.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 5d812df..58ca211 100755
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -55,7 +55,7 @@ class UsersController < ApplicationController
 private
 def user_params
- params.require(:user).permit(:email, :admin, :first_name, :last_name, :user_id, :password, :password_confirmation)
+ params.require(:user).permit!
 end
 # unpermitted attributes are ignored in production
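Review bot: `permit!` in `user_params` marks the whole `params[:user]` hash as permitted, so every attribute the model exposes becomes mass-assignable from the request, including privilege-bearing ones such as `admin` and `user_id`, and any column added later. The subject line suggests this is deliberate teaching material; if so, the line should say so with a comment such as `# INTENTIONALLY VULNERABLE: permit! disables strong-parameter filtering` so it is not copied as a pattern. Outside of that use, the safe form is an explicit allow-list that leaves out role and ownership fields, `params.require(:user).permit(:email, :first_name, :last_name, :password, :password_confirmation)`, with `admin` and `user_id` set server-side from the authenticated session. The trailing context comment about unpermitted attributes being ignored no longer describes anything here, since nothing is unpermitted after this change; the controller body continues outside the hunk.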