From ceea0d4a3647ad923b9c4553c025f41e503f15ad Mon Sep 17 00:00:00 2001
From: alejandro <janderl@gmail.com>
Date: Thu, 6 Apr 2017 11:54:59 +0200
Subject: [PATCH] sanitizes params for views

---
 app/models/budget/investment.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/models/budget/investment.rb b/app/models/budget/investment.rb
index 3bf62613d..37d202c56 100644
--- a/app/models/budget/investment.rb
+++ b/app/models/budget/investment.rb
@@ -109,7 +109,7 @@ class Budget
     end
 
     def self.filter_params(params)
-      params.select{ |x, _| %w{heading_id group_id administrator_id tag_name valuator_id}.include?(x.to_s) }
+      params.permit(%i[heading_id group_id administrator_id tag_name valuator_id])
     end
 
     def self.scoped_filter(params, current_filter)