fixes the plus sign properly [ci skip]

commit e1dbcdcacf62d13914c9e7ec71f0f7319ad32b4a 1 parent d566fa7
Vijay Dev vijaydev authored

Showing 1 changed file with 1 addition and 1 deletion.

  1. +1 1  railties/guides/source/security.textile
2  railties/guides/source/security.textile
@@ -385,7 +385,7 @@ params[:user] # => {:name => “ow3ned”, :admin => true}
385 385
386 386 So if you create a new user using mass-assignment, it may be too easy to become an administrator.
387 387
388   -Note that this vulnerability is not restricted to database columns. Any setter method, unless explicitly protected, is accessible via the <tt>attributes=</tt> method. In fact, this vulnerability is extended even further with the introduction of nested mass assignment (and nested object forms) in Rails 2.3==+==. The +accepts_nested_attributes_for+ declaration provides us the ability to extend mass assignment to model associations (+has_many+, +has_one+, +has_and_belongs_to_many+). For example:
  388 +Note that this vulnerability is not restricted to database columns. Any setter method, unless explicitly protected, is accessible via the <tt>attributes=</tt> method. In fact, this vulnerability is extended even further with the introduction of nested mass assignment (and nested object forms) in Rails 2.3<plus>. The +accepts_nested_attributes_for+ declaration provides us the ability to extend mass assignment to model associations (+has_many+, +has_one+, +has_and_belongs_to_many+). For example:
389 389
390 390 <ruby>
391 391 class Person < ActiveRecord::Base
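Review bot: On the added line 388, "Rails 2.3<plus>" depends on a placeholder that is not ordinary Textile, and it appears to exist only so that a literal plus does not pair with the +...+ code markers used later on the same line (+accepts_nested_attributes_for+, +has_many+). Writing "Rails 2.3 and later" would need no escape at all and would read the same in the source and in the rendered guide. Because the commit is marked [ci skip] and this is a second attempt at the same character (the removed line used ==+==), it is worth regenerating the guide locally and checking that this paragraph shows a single plus sign and that the code spans after it are intact.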
