diff --git a/app/controllers/blocks_controller.rb b/app/controllers/blocks_controller.rb
index 237ef4d97c391da84ad2be5928103c35f6d042a6..f6f13ed7c78b3f40be2e3ed621e713da0f3ed619 100644
--- a/app/controllers/blocks_controller.rb
+++ b/app/controllers/blocks_controller.rb
@@ -4,7 +4,7 @@ class BlocksController < ApplicationController
   respond_to :html, :json
 
   def create
-    block = current_user.blocks.new(params[:block])
+    block = current_user.blocks.new(block_params)
 
     if block.save
       disconnect_if_contact(block.person)
@@ -39,4 +39,8 @@ class BlocksController < ApplicationController
       current_user.disconnect(contact, :force => true)
     end
   end
+
+  def block_params
+    params.require(:block).permit(:person_id)
+  end
 end
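Review bot: `block_params` is added as a public instance method at the end of the class, so unless a `private` marker above this hunk already covers `disconnect_if_contact`, Rails will expose it as a routable action; add `private` before `def block_params` (or `private :block_params` after it) and a one-line comment such as `# Strong-parameter whitelist for Block: only person_id may be set by the client.`. Note also that `params.require(:block)` raises `ActionController::ParameterMissing` when the `block` key is absent, whereas the old `params[:block]` lookup in `create` (first hunk) passed `nil` through, so a missing key now surfaces as a 400 rather than a failed `save` — confirm the JSON callers send the nested `block` key.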
diff --git a/app/models/block.rb b/app/models/block.rb
index 1eba8f4c8def2cd799c85769c5b5018b8d10d76c..146227ad4b2e0a494f875ace7e64e41969e99d9d 100644
--- a/app/models/block.rb
+++ b/app/models/block.rb
@@ -1,4 +1,6 @@
 class Block < ActiveRecord::Base
+  include ActiveModel::ForbiddenAttributesProtection
+  
   belongs_to :person
   belongs_to :user