13
14
15
16
17
18
19
20
21
|
# File 'lib/rails-security-backports/rails-cve-backports/cve-2013-0276.rb', line 13
def remove_attributes_protected_from_mass_assignment(attributes)
if self.class.accessible_attributes.nil? && self.class.protected_attributes.nil?
attributes.reject { |key, value| attributes_protected_by_default.include?(key.gsub(/\(.+/m, "")) }
elsif self.class.protected_attributes.nil?
attributes.reject { |key, value| !self.class.accessible_attributes.include?(key.gsub(/\(.+/m, "").intern) || attributes_protected_by_default.include?(key.gsub(/\(.+/m, "")) }
elsif self.class.accessible_attributes.nil?
attributes.reject { |key, value| self.class.protected_attributes.include?(key.gsub(/\(.+/m,"").intern) || attributes_protected_by_default.include?(key.gsub(/\(.+/m, "")) }
end
end
|