From f77194875c1446b86455627543b77b2c0574f7bc Mon Sep 17 00:00:00 2001
From: Matt-Yorkley <9029026+Matt-Yorkley@users.noreply.github.com>
Date: Mon, 23 Dec 2019 12:24:04 +0100
Subject: [PATCH] Add strong parameters to orders_controller.rb
---
 app/controllers/spree/admin/orders_controller.rb | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/app/controllers/spree/admin/orders_controller.rb b/app/controllers/spree/admin/orders_controller.rb
index 2ddc9dccc7..4858b98d7e 100644
--- a/app/controllers/spree/admin/orders_controller.rb
+++ b/app/controllers/spree/admin/orders_controller.rb
@@ -44,7 +44,7 @@ module Spree
 end
 def update
- unless @order.update_attributes(params[:order]) && @order.line_items.present?
+ unless @order.update_attributes(order_params) && @order.line_items.present?
 if @order.line_items.empty?
 @order.errors.add(:line_items, Spree.t('errors.messages.blank'))
 end
@@ -108,6 +108,10 @@ module Spree
 private
+ def order_params
+ params.require(:order).permit(:distributor_id, :order_cycle_id)
+ end
+
 def load_order
 @order = Order.find_by_number!(params[:id], include: :adjustments) if params[:id]
 authorize! action, @order
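Review bot: In `update`, the new `order_params` call can raise before the `unless` branch is ever evaluated, because `params.require(:order)` raises `ActionController::ParameterMissing` when the request carries no `order` key, whereas the old `params[:order]` passed nil through. A submission without order fields would then skip the `line_items` error handling shown here and surface as a parameter error instead. If that request shape is possible from the admin form, either build the hash with `params.fetch(:order, {}).permit(:distributor_id, :order_cycle_id)` or confirm that a rescue for `ParameterMissing` exists elsewhere. The body of `update` continues outside the hunk, so the rest of the error path is not visible.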
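Review bot: The allow-list in `order_params` restricts which attribute names reach the model, but not which values, so any `distributor_id` or `order_cycle_id` the client submits is accepted as long as the caller passes `authorize! action, @order` in `load_order`. That check is made against the order as loaded, before the update, so it presumably does not cover the distributor or order cycle being assigned. If no model validation or ability rule enforces this elsewhere, the update should verify that the submitted ids belong to enterprises the current admin may manage. A comment on the method would also record the intent, for example `# Only the distributor and order cycle may be changed from this action; all other order attributes are dropped.` The body of `load_order` continues outside the hunk.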