Handle strong params in credit card controllers

2026-03-01 02:03:22 +00:00 · 2020-02-23 17:43:54 +00:00
parent 913ea5b883
commit 6bd72f44de
1 changed files with 5 additions and 1 deletions
--- a/app/controllers/spree/credit_cards_controller.rb
+++ b/app/controllers/spree/credit_cards_controller.rb
@@ -26,7 +26,7 @@ module Spree

      authorize! :update, @credit_card

-      if @credit_card.update_attributes(params[:credit_card])
+      if @credit_card.update_attributes(credit_card_params)
        render json: @credit_card, serializer: ::Api::CreditCardSerializer, status: :ok
      else
        update_failed
@@ -96,5 +96,9 @@ module Spree
    def update_failed
      render json: { flash: { error: t(:card_could_not_be_updated) } }, status: :bad_request
    end
+
+    def credit_card_params
+      params.require(:credit_card).permit(:is_default, :year, :month)
+    end
  end
 end