From 04ccf9987b4a83495999c99f7a67c38b2fab67f4 Mon Sep 17 00:00:00 2001
From: Louise Crow
Date: Tue, 9 Sep 2014 18:48:55 +0100
Subject: Whitelist user controller signup params
---
 app/controllers/user_controller.rb | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
(limited to 'app/controllers/user_controller.rb')
diff --git a/app/controllers/user_controller.rb b/app/controllers/user_controller.rb
index 8d6522923..70036341c 100644
--- a/app/controllers/user_controller.rb
+++ b/app/controllers/user_controller.rb
@@ -199,7 +199,7 @@ class UserController < ApplicationController
 work_out_post_redirect
 @request_from_foreign_country = country_from_ip != AlaveteliConfiguration::iso_country_code
 # Make the user and try to save it
- @user_signup = User.new(params[:user_signup])
+ @user_signup = User.new(user_params(:user_signup))
 error = false
 if @request_from_foreign_country && !verify_recaptcha
 flash.now[:error] = _("There was an error with the words you entered, please try again.")
@@ -601,6 +601,10 @@ class UserController < ApplicationController

 private

+ def user_params(key = :user)
+ params[key].slice(:name, :email, :password, :password_confirmation)
+ end
+
 def is_modal_dialog
 (params[:modal].to_i != 0)
 end
--
cgit v1.2.3
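Review bot: The new call `User.new(user_params(:user_signup))` dereferences `params[:user_signup]` before anything in the visible context checks that the form hash was posted. A request without `user_signup`, or with it sent as a plain string, now raises inside the helper added in the second hunk rather than reaching model validation, which `User.new(nil)` presumably allowed before. I would make the helper tolerate that input: `attrs = params[key]` followed by `attrs.is_a?(Hash) ? attrs.slice(:name, :email, :password, :password_confirmation) : {}`, assuming nested params are Hash subclasses on the Rails version in use. The signup action starts and ends outside this hunk, so an earlier guard may already exist.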
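Review bot: `slice` in `user_params` restricts which keys reach `User.new` but not the shape of their values, so a nested hash or array submitted under `name` or `email` is still handed to the model unchanged. If the application runs a Rails version with strong parameters, `params.require(key).permit(:name, :email, :password, :password_confirmation)` would also enforce scalar values. Otherwise the helper should carry a comment stating the limit, e.g. `# Whitelists mass-assignable keys only; values are not type-checked.` The default `key = :user` is not exercised by any call in this patch, so it is worth confirming that the same four attributes are the right whitelist for whichever caller relies on it.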