Code for Upgrading to Rails 4 Strong Parameters : http://iconoclastlabs.com/cms/blog/posts/upgrading-to-rails-4-parameters-security-tour

appetizer.rb

  1 class Appetizer < ActiveRecord::Base
  2   include ActiveModel::ForbiddenAttributesProtection
  3 end

appetizers_controller.rb

 40   # POST /appetizers
 41   # POST /appetizers.json
 42   def create
 43     @appetizer = Appetizer.new(params[:appetizer])
 44
 45     respond_to do |format|
 46       if @appetizer.save
 47         format.html { redirect_to @appetizer, notice: 'Appetizer was successfully created.' }
 48         format.json { render json: @appetizer, status: :created, location: @appetizer }
 49       else
 50         format.html { render action: "new" }
 51         format.json { render json: @appetizer.errors, status: :unprocessable_entity }
 52       end
 53     end
 54   end

desserts_controller.rb

 40   # POST /desserts
 41   # POST /desserts.json
 42   def create
 43     @dessert = Dessert.new(dessert_params)
 44
 45     respond_to do |format|
 46       if @dessert.save
 47         format.html { redirect_to @dessert, notice: 'Dessert was successfully created.' }
 48         format.json { render json: @dessert, status: :created, location: @dessert }
 49       else
 50         format.html { render action: "new" }
 51         format.json { render json: @dessert.errors, status: :unprocessable_entity }
 52       end
 53     end
 54   end


 84   private
 85
 86     # Use this method to whitelist the permissible parameters. Example:
 87     # params.require(:person).permit(:name, :age)
 88     # Also, you can specialize this method with per-user checking of permissible attributes.
 89     def dessert_params
 90       params.require(:dessert).permit(:name, :recipe, :title)
 91     end