From e5ebf457656391b8457699032a56c321e2bc4ecb Mon Sep 17 00:00:00 2001
From: Luis Ramos <luisramos0@gmail.com>
Date: Tue, 25 Feb 2020 15:05:04 +0000
Subject: [PATCH] Improve strong params implementation on payment methods
 controller by specifying specific list of permitted attributes

---
 app/controllers/spree/admin/payment_methods_controller.rb | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/app/controllers/spree/admin/payment_methods_controller.rb b/app/controllers/spree/admin/payment_methods_controller.rb
index c4c317abed..31efc89b05 100644
--- a/app/controllers/spree/admin/payment_methods_controller.rb
+++ b/app/controllers/spree/admin/payment_methods_controller.rb
@@ -93,7 +93,10 @@ module Spree
       private
 
       def payment_method_params
-        params.require(:payment_method).permit!
+        params.require(:payment_method).permit(
+          :name, :type, :environment, :preferred_password, :preferred_enterprise_id,
+          :distributor_ids => []
+        )
       end
 
       def force_environment