sanitizes params for views

2017-04-06 11:54:59 +02:00
parent fb81f45a73
commit ceea0d4a36
1 changed files with 1 additions and 1 deletions
--- a/app/models/budget/investment.rb
+++ b/app/models/budget/investment.rb
@@ -109,7 +109,7 @@ class Budget
    end

    def self.filter_params(params)
-      params.select{ |x, _| %w{heading_id group_id administrator_id tag_name valuator_id}.include?(x.to_s) }
+      params.permit(%i[heading_id group_id administrator_id tag_name valuator_id])
    end

    def self.scoped_filter(params, current_filter)