From c110f4832d575248620388eb6d8af335da996beb Mon Sep 17 00:00:00 2001
From: Luis Ramos <luisramos0@gmail.com>
Date: Sun, 23 Feb 2020 12:49:39 +0000
Subject: [PATCH] Handle strong params in spree/admin/products_controller

---
 app/controllers/spree/admin/products_controller.rb | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/app/controllers/spree/admin/products_controller.rb b/app/controllers/spree/admin/products_controller.rb
index 0b18072869..ae085d2b11 100644
--- a/app/controllers/spree/admin/products_controller.rb
+++ b/app/controllers/spree/admin/products_controller.rb
@@ -160,10 +160,16 @@ module Spree
       private
 
       def product_set_from_params(params)
-        collection_hash = Hash[params[:products].each_with_index.map { |p, i| [i, p] }]
+        collection_hash = Hash[products_params.each_with_index.map { |p, i| [i, p] }]
         Spree::ProductSet.new(collection_attributes: collection_hash)
       end
 
+      def products_params
+        params.require(:products).map do |product|
+          ActionController::Parameters.new(product.to_hash).permit(:id, :name)
+        end
+      end
+
       def bulk_index_query(params)
         params[:filters].to_h.merge(page: params[:page], per_page: params[:per_page])
       end