From 6bd72f44dec6e676f1a53f22d53535aa1c07bde9 Mon Sep 17 00:00:00 2001
From: Luis Ramos <luisramos0@gmail.com>
Date: Sun, 23 Feb 2020 17:43:54 +0000
Subject: [PATCH] Handle strong params in credit card controllers

---
 app/controllers/spree/credit_cards_controller.rb | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/app/controllers/spree/credit_cards_controller.rb b/app/controllers/spree/credit_cards_controller.rb
index 3381a240e8..91d5e2d223 100644
--- a/app/controllers/spree/credit_cards_controller.rb
+++ b/app/controllers/spree/credit_cards_controller.rb
@@ -26,7 +26,7 @@ module Spree
 
       authorize! :update, @credit_card
 
-      if @credit_card.update_attributes(params[:credit_card])
+      if @credit_card.update_attributes(credit_card_params)
         render json: @credit_card, serializer: ::Api::CreditCardSerializer, status: :ok
       else
         update_failed
@@ -96,5 +96,9 @@ module Spree
     def update_failed
       render json: { flash: { error: t(:card_could_not_be_updated) } }, status: :bad_request
     end
+
+    def credit_card_params
+      params.require(:credit_card).permit(:is_default, :year, :month)
+    end
   end
 end