From 3cb79cac2c759ef46ff55606fab041c8ba49aec6 Mon Sep 17 00:00:00 2001
From: Cody Cutrer <cody@instructure.com>
Date: Tue, 7 Jul 2015 11:55:09 -0600
Subject: [PATCH] mark several models as using strong_params

Change-Id: Ia925f291df671630dd6a30f3a4e566cfebe08d4b
Reviewed-on: https://gerrit.instructure.com/57842
Tested-by: Jenkins
Reviewed-by: Simon Williams <simon@instructure.com>
Product-Review: Cody Cutrer <cody@instructure.com>
QA-Review: Cody Cutrer <cody@instructure.com>
---
 app/controllers/bookmarks/bookmarks_controller.rb | 2 +-
 app/models/bookmarks/bookmark.rb                  | 1 +
 app/models/gradebook_csv.rb                       | 2 ++
 app/models/gradebook_upload.rb                    | 2 ++
 app/models/quizzes/quiz_submission_event.rb       | 2 ++
 app/models/sis_post_grades_status.rb              | 2 ++
 6 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/app/controllers/bookmarks/bookmarks_controller.rb b/app/controllers/bookmarks/bookmarks_controller.rb
index c8f4102a199..6fb3ea0ca24 100644
--- a/app/controllers/bookmarks/bookmarks_controller.rb
+++ b/app/controllers/bookmarks/bookmarks_controller.rb
@@ -148,7 +148,7 @@ class Bookmarks::BookmarksController < ApplicationController
   end
 
   def valid_params
-    params.slice(:name, :url, :data).merge({user_id: user_id})
+    strong_params.permit(:name, :url).merge(user_id: user_id).merge(params.slice(:data))
   end
 
   def set_position
diff --git a/app/models/bookmarks/bookmark.rb b/app/models/bookmarks/bookmark.rb
index 5689219e986..440e7d0a216 100644
--- a/app/models/bookmarks/bookmark.rb
+++ b/app/models/bookmarks/bookmark.rb
@@ -1,5 +1,6 @@
 class Bookmarks::Bookmark < ActiveRecord::Base
   acts_as_list scope: :user_id
+  strong_params
 
   def data
     json ? JSON.parse(json) : nil
diff --git a/app/models/gradebook_csv.rb b/app/models/gradebook_csv.rb
index 25df643da61..e1596e867e6 100644
--- a/app/models/gradebook_csv.rb
+++ b/app/models/gradebook_csv.rb
@@ -16,6 +16,8 @@
 # with this program. If not, see <http://www.gnu.org/licenses/>.
 #
 class GradebookCsv < ActiveRecord::Base
+  strong_params
+
   belongs_to :course, inverse_of: :gradebook_csvs
   belongs_to :user
   belongs_to :attachment
diff --git a/app/models/gradebook_upload.rb b/app/models/gradebook_upload.rb
index 94471d1951e..0f7efe61717 100644
--- a/app/models/gradebook_upload.rb
+++ b/app/models/gradebook_upload.rb
@@ -17,6 +17,8 @@
 #
 
 class GradebookUpload < ActiveRecord::Base
+  strong_params
+
   belongs_to :course
   belongs_to :user
   belongs_to :progress
diff --git a/app/models/quizzes/quiz_submission_event.rb b/app/models/quizzes/quiz_submission_event.rb
index dec1c121b2d..14a8f84749d 100644
--- a/app/models/quizzes/quiz_submission_event.rb
+++ b/app/models/quizzes/quiz_submission_event.rb
@@ -17,6 +17,8 @@
 #
 
 class Quizzes::QuizSubmissionEvent < ActiveRecord::Base
+  strong_params
+
   include CanvasPartman::Concerns::Partitioned
 
   # An event describing the student choosing an answer to a question.
diff --git a/app/models/sis_post_grades_status.rb b/app/models/sis_post_grades_status.rb
index 697b8d14270..f754138bce2 100644
--- a/app/models/sis_post_grades_status.rb
+++ b/app/models/sis_post_grades_status.rb
@@ -17,6 +17,8 @@
 #
 
 class SisPostGradesStatus < ActiveRecord::Base
+  strong_params
+
   ALLOWED_STATUSES = %w{success warning failed}
   belongs_to :course
   belongs_to :course_section