spec/dummy/app/controllers/posts_controller.rb in media_magick-0.3.3 vs spec/dummy/app/controllers/posts_controller.rb in media_magick-0.4.0
- old
+ new
@@ -38,11 +38,11 @@
end
# POST /posts
# POST /posts.json
def create
- @post = Post.new(params[:post])
+ @post = Post.new(post_params)
respond_to do |format|
if @post.save
format.html { redirect_to @post, notice: 'Post was successfully created.' }
format.json { render json: @post, status: :created, location: @post }
@@ -57,11 +57,11 @@
# PUT /posts/1.json
def update
@post = Post.find(params[:id])
respond_to do |format|
- if @post.update_attributes(params[:post])
+ if @post.update_attributes(post_params)
format.html { redirect_to @post, notice: 'Post was successfully updated.' }
format.json { head :no_content }
else
format.html { render action: "edit" }
format.json { render json: @post.errors, status: :unprocessable_entity }
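Review bot: `update_attributes` on the changed line in `update` is the older spelling of this call. If the dummy app now targets Rails 4 or later, which the move to strong parameters suggests but the hunk does not show, `if @post.update(post_params)` is the equivalent form and avoids the later deprecation of `update_attributes`. The body of `update` continues past the end of this hunk.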
@@ -78,6 +78,12 @@
respond_to do |format|
format.html { redirect_to posts_url }
format.json { head :no_content }
end
end
+
+ private
+ # Never trust parameters from the scary internet, only allow the white list through.
+ def post_params
+ params.require(:post).permit(:title, :text)
+ end
end
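Review bot: The comment above `post_params` is the scaffold generator's stock line and does not say what the filter enforces. Because `create` and `update` now pass its result straight to the model, it is the mass-assignment boundary for this controller and worth documenting as such, e.g. `# Strong-parameters filter: only :title and :text may be mass-assigned; a request without a :post key raises ActionController::ParameterMissing.` Unpermitted keys are dropped and only logged by default, so a spec that submits any other Post attribute would lose it without failing. Setting `config.action_controller.action_on_unpermitted_parameters = :raise` in the dummy app's test environment would surface that. The bare `private` also applies to every method defined after it, so any new action has to be added above that line.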