From 509a407286e102a1fe59b3d18b4fc6088a72204e Mon Sep 17 00:00:00 2001
From: James Fleming <jflemingprod@gmail.com>
Date: Thu, 27 Jun 2013 16:32:33 +0200
Subject: [PATCH] Strong parameters for Block

---
 app/controllers/blocks_controller.rb | 6 +++++-
 app/models/block.rb                  | 2 ++
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/app/controllers/blocks_controller.rb b/app/controllers/blocks_controller.rb
index 237ef4d97c..f6f13ed7c7 100644
--- a/app/controllers/blocks_controller.rb
+++ b/app/controllers/blocks_controller.rb
@@ -4,7 +4,7 @@ class BlocksController < ApplicationController
   respond_to :html, :json
 
   def create
-    block = current_user.blocks.new(params[:block])
+    block = current_user.blocks.new(block_params)
 
     if block.save
       disconnect_if_contact(block.person)
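Review bot: A request that carries no `block` key now raises `ActionController::ParameterMissing` inside `block_params`, before `if block.save` is reached, so the failure branch of `create` no longer handles that case. Whether the client sees a 400 or an unhandled error depends on rescue handling that is not visible in this hunk. If the previous behaviour (an invalid record going through the failure branch) is wanted, `params.fetch(:block, {}).permit(:person_id)` should keep it. The body of `create` continues outside the hunk.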
@@ -39,4 +39,8 @@ class BlocksController < ApplicationController
       current_user.disconnect(contact, :force => true)
     end
   end
+
+  def block_params
+    params.require(:block).permit(:person_id)
+  end
 end
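Review bot: `block_params` is added after `disconnect_if_contact` with no visibility keyword in the hunk, so unless a `private` or `protected` line sits above the visible context it becomes a public controller method, which Rails treats as a candidate action. Declare it under `private` (or confirm that the existing helper already is). A comment such as `# Only :person_id is client-settable; the owner comes from current_user.blocks` would record why the permit list must stay this narrow. The class body starts outside the hunk.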
diff --git a/app/models/block.rb b/app/models/block.rb
index 1eba8f4c8d..146227ad4b 100644
--- a/app/models/block.rb
+++ b/app/models/block.rb
@@ -1,4 +1,6 @@
 class Block < ActiveRecord::Base
+  include ActiveModel::ForbiddenAttributesProtection
+  
   belongs_to :person
   belongs_to :user
 
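Review bot: The blank line added after the `include` carries trailing whitespace (`+  `) and should be empty. A comment above the include would help the next reader: `# Raises on unpermitted ActionController::Parameters; plain Hashes are not checked`. That caveat matters because a caller that passes a plain Hash to `Block.new` gets no protection from this module, so each call site still has to whitelist its input. Whether the model also declares `attr_accessible` is not visible in this hunk.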
-- 
GitLab