Use strong parameters in 'questionnaires_controller'

expertiza · Aug 30, 2015 · 9f41c4a · 9f41c4a
1 parent 855c8ac
commit 9f41c4a
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 4 deletions.
diff --git a/app/controllers/questionnaires_controller.rb b/app/controllers/questionnaires_controller.rb
@@ -100,7 +100,7 @@ def create
   end
 
   def create_questionnaire
-    @questionnaire = Object.const_get(params[:questionnaire][:type]).new(params[:questionnaire])
+    @questionnaire = Object.const_get(params[:questionnaire][:type]).new(questionnaire_params)
 
     # TODO: check for Quiz Questionnaire?
     if @questionnaire.type == "QuizQuestionnaire" #checking if it is a quiz questionnaire
@@ -327,11 +327,11 @@ def update_quiz
     @questionnaire = Questionnaire.find(params[:id])
     redirect_to :controller => 'submitted_content', :action => 'view', :id => params[:pid] if @questionnaire == nil
     if params['save']
-      @questionnaire.update_attributes(params[:questionnaire])
+      @questionnaire.update_attributes(questionnaire_params)
 
       for qid in params[:question].keys
         @question = Question.find(qid)
-        @question.update_attributes(params[:question][qid])
+        @question.update_attributes(question_params)
         @quiz_question_choices = QuizQuestionChoice.where(question_id: qid)
         i=1
         for quiz_question_choice in @quiz_question_choices

diff --git a/app/views/questionnaires/_quiz_questionnaire.html.erb b/app/views/questionnaires/_quiz_questionnaire.html.erb
@@ -59,7 +59,7 @@
               <% end %>
           </td>
           </tr>
-          <% i+=1 %> <br>
+          <% i+=1 %>
         <%end %>
 
       <% end %>