From c374bf5e49e5998bba91d10e9cb0470a5ead9891 Mon Sep 17 00:00:00 2001
From: Matt-Yorkley <9029026+Matt-Yorkley@users.noreply.github.com>
Date: Fri, 6 Nov 2020 01:54:04 +0000
Subject: [PATCH] Fix strong_params in API taxons_controller
---
 app/controllers/api/taxons_controller.rb | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/app/controllers/api/taxons_controller.rb b/app/controllers/api/taxons_controller.rb
index f6693fbaee..e389caea7b 100644
--- a/app/controllers/api/taxons_controller.rb
+++ b/app/controllers/api/taxons_controller.rb
@@ -22,7 +22,7 @@ module Api
 def create
 authorize! :create, Spree::Taxon
- @taxon = Spree::Taxon.new(params[:taxon])
+ @taxon = Spree::Taxon.new(taxon_params[:taxon])
 @taxon.taxonomy_id = params[:taxonomy_id]
 taxonomy = Spree::Taxonomy.find_by(id: params[:taxonomy_id])
@@ -42,7 +42,7 @@ module Api
 def update
 authorize! :update, Spree::Taxon
- if taxon.update(params[:taxon])
+ if taxon.update(taxon_params)
 render json: taxon, serializer: Api::TaxonSerializer, status: :ok
 else
 invalid_resource!(taxon)
@@ -66,5 +66,9 @@ module Api
 def taxon
 @taxon ||= taxonomy.taxons.find(params[:id])
 end
+
+ def taxon_params
+ params.permit(taxon: [:name, :parent_id])
+ end
 end
 end
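Review bot: In `update`, `taxon.update(taxon_params)` passes the whole permitted hash, which is still keyed by `taxon` because the helper added in the last hunk is `params.permit(taxon: [:name, :parent_id])`, whereas `create` unwraps it with `taxon_params[:taxon]`. As written the model is handed a `taxon` attribute instead of `name`/`parent_id`, which most likely raises an unknown-attribute error or changes nothing. Either call `taxon.update(taxon_params[:taxon])` here, or make the helper return the inner hash with `params.fetch(:taxon, {}).permit(:name, :parent_id)` and use plain `taxon_params` in both actions. A request spec that updates a taxon name and asserts the new value is persisted would catch the mismatch. The body of `update` ends outside this hunk.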
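Review bot: `taxon_params` permits `parent_id` straight from the request, and nothing visible in these hunks checks that the referenced parent belongs to the taxonomy the request addresses. `authorize!` is evaluated against the `Spree::Taxon` class rather than the target record, so unless the model or the lines of `create` outside the hunk already constrain it, a caller allowed to edit taxons could place one under a parent from a different taxonomy. Consider resolving the parent through the taxonomy before assignment, or adding a model validation that the parent's `taxonomy_id` matches. The helper would also benefit from a comment such as `# Only name and parent_id are mass-assignable; taxonomy_id is set separately from params[:taxonomy_id].`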