mirror of
https://github.com/rails/rails.git
synced 2022-11-09 12:12:34 -05:00
Fix typo.
This commit is contained in:
parent
473f63734a
commit
789fabf01f
1 changed files with 2 additions and 2 deletions
|
@ -767,7 +767,7 @@ Why do you have to bother? The ability to grab and automatically assign all
|
||||||
controller parameters to your model in one shot makes the programmer's job
|
controller parameters to your model in one shot makes the programmer's job
|
||||||
easier, but this convenience also allows malicious use. What if a request to
|
easier, but this convenience also allows malicious use. What if a request to
|
||||||
the server was crafted to look like a new article form submit but also included
|
the server was crafted to look like a new article form submit but also included
|
||||||
extra fields with values that violated your applications integrity? They would
|
extra fields with values that violated your application's integrity? They would
|
||||||
be 'mass assigned' into your model and then into the database along with the
|
be 'mass assigned' into your model and then into the database along with the
|
||||||
good stuff - potentially breaking your application or worse.
|
good stuff - potentially breaking your application or worse.
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue