Enabled strong_parameters across all models/controllers.

All models are now using ActiveModel::ForbiddenAttributesProtection, which shifts the responsibility for parameter whitelisting for mass-assignments from the model to the controller. attr_accessible has been disabled and removed as this functionality replaces that.

The require_parameters method in the ApplicationController has been removed in favor of strong_parameters' #require method.

It is important to note that there is still some refactoring required to get all parameters to pass through #require and #permit so that we can guarantee that parameter values are scalar. Currently strong_parameters, in most cases, is only being utilized to require parameters and to whitelist the few places that do mass-assignments.

app/controllers/admin/site_customizations_controller.rb

@@ -9,7 +9,7 @@ class Admin::SiteCustomizationsController < Admin::AdminController
   end
 
   def create
-    @site_customization = SiteCustomization.new(params[:site_customization])
+    @site_customization = SiteCustomization.new(site_customization_params)
     @site_customization.user_id = current_user.id
 
     respond_to do |format|
@@ -25,7 +25,7 @@ class Admin::SiteCustomizationsController < Admin::AdminController
     @site_customization = SiteCustomization.find(params[:id])
 
     respond_to do |format|
-      if @site_customization.update_attributes(params[:site_customization])
+      if @site_customization.update_attributes(site_customization_params)
         format.json { head :no_content }
       else
         format.json { render json: @site_customization.errors, status: :unprocessable_entity }
@@ -42,4 +42,10 @@ class Admin::SiteCustomizationsController < Admin::AdminController
     end
   end
 
+  private
+
+    def site_customization_params
+      params.require(:site_customization).permit(:name, :stylesheet, :header, :position, :enabled, :key, :override_default_style, :stylesheet_baked)
+    end
+
 end