Fix ActionController::Parameters in API issue

author: Eugen Rochko <eugen@zeonfederated.com> 2017-04-04 01:33:34 +0200
committer: Eugen Rochko <eugen@zeonfederated.com> 2017-04-04 01:33:34 +0200
commit: 4c53af64f0b10bc11473df5e3fd1cd7a11b755f6 (patch)
tree: 9bad122ae3a66b4171f48947cbb33496e2f8b2de /app/controllers/api/v1/follows_controller.rb
parent: f722bd2387df9163760014e9555928ec487ae95f (diff)
1 files changed, 6 insertions, 2 deletions
diff --git a/app/controllers/api/v1/follows_controller.rb b/app/controllers/api/v1/follows_controller.rb
index c22dacbaa..7c0f44f03 100644
--- a/app/controllers/api/v1/follows_controller.rb
+++ b/app/controllers/api/v1/follows_controller.rb
@@ -7,7 +7,7 @@ class Api::V1::FollowsController < ApiController
   respond_to :json
 
   def create
-    raise ActiveRecord::RecordNotFound if params[:uri].blank?
+    raise ActiveRecord::RecordNotFound if follow_params[:uri].blank?
 
     @account = FollowService.new.call(current_user.account, target_uri).try(:target_account)
     render action: :show
@@ -16,6 +16,10 @@ class Api::V1::FollowsController < ApiController
   private
 
   def target_uri
-    params[:uri].strip.gsub(/\A@/, '')
+    follow_params[:uri].strip.gsub(/\A@/, '')
+  end
+
+  def follow_params
+    params.permit(:uri)
   end
 end
author	Eugen Rochko <eugen@zeonfederated.com>	2017-04-04 01:33:34 +0200
committer	Eugen Rochko <eugen@zeonfederated.com>	2017-04-04 01:33:34 +0200
commit	4c53af64f0b10bc11473df5e3fd1cd7a11b755f6 (patch)
tree	9bad122ae3a66b4171f48947cbb33496e2f8b2de /app/controllers/api/v1/follows_controller.rb
parent	f722bd2387df9163760014e9555928ec487ae95f (diff)