authorNihad Abbasov <narkoz.2008@gmail.com>2012-09-26 11:17:17 -0700
committerNihad Abbasov <narkoz.2008@gmail.com>2012-09-26 11:18:35 -0700
commit83efcabc829083f11553df0f1eb67a8fbbc3e000 (patch)
tree2017dc24ab9630ad9a227dffde27550ededcc92f /config/application.rb
parent4629cc44d6b7fa7ebdec8ce47bb0825e255d7763 (diff)
set activerecord whitelist_attributes to true
Diffstat (limited to 'config/application.rb')
-rw-r--r--config/application.rb6
1 files changed, 6 insertions, 0 deletions
diff --git a/config/application.rb b/config/application.rb
index ad41f19657f..27de3fa2436 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -39,6 +39,12 @@ module Gitlab
# Configure sensitive parameters which will be filtered from the log file.
config.filter_parameters += [:password]
+ # Enforce whitelist mode for mass assignment.
+ # This will create an empty whitelist of attributes available for mass-assignment for all models
+ # in your app. As such, your models will need to explicitly whitelist or blacklist accessible
+ # parameters by using an attr_accessible or attr_protected declaration.
+ config.active_record.whitelist_attributes = true
+
# Enable the asset pipeline
config.assets.enabled = true
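Review bot: The last line of the added comment, above `config.active_record.whitelist_attributes = true`, offers `attr_protected` as an equal alternative to `attr_accessible`, which undercuts the setting. As far as I know, in Rails 3.2 a model that declares `attr_protected` switches its active authorizer back to the blacklist, so every attribute it does not list becomes mass-assignable again for that model. I would reword that line to something like `# Declare attr_accessible in every model; attr_protected re-opens each attribute it does not list.` The diffstat shown is limited to this file, so it is not visible here whether the models already carry `attr_accessible` lists. A spec that walks the model classes and fails on a missing accessible list or on any `attr_protected` use would keep the default enforced. The enclosing application class starts and ends outside the hunk.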