Enabled strong_parameters across all models/controllers.

All models are now using ActiveModel::ForbiddenAttributesProtection, which shifts the responsibility for parameter whitelisting for mass-assignments from the model to the controller. attr_accessible has been disabled and removed as this functionality replaces that.

The require_parameters method in the ApplicationController has been removed in favor of strong_parameters' #require method.

It is important to note that there is still some refactoring required to get all parameters to pass through #require and #permit so that we can guarantee that parameter values are scalar. Currently strong_parameters, in most cases, is only being utilized to require parameters and to whitelist the few places that do mass-assignments.

app/controllers/clicks_controller.rb

@@ -3,14 +3,11 @@ class ClicksController < ApplicationController
   skip_before_filter :check_xhr
 
   def track
-    requires_parameter(:url)
-    if params[:topic_id].present? || params[:post_id].present?
-      args = {url: params[:url], ip: request.remote_ip}
-      args[:user_id] = current_user.id if current_user.present?
-      args[:post_id] = params[:post_id].to_i if params[:post_id].present?
-      args[:topic_id] = params[:topic_id].to_i if params[:topic_id].present?
+    params = track_params.merge(ip: request.remote_ip)
 
-      TopicLinkClick.create_from(args)
+    if params[:topic_id].present? || params[:post_id].present?
+      params.merge!({ user_id: current_user.id }) if current_user.present?
+      TopicLinkClick.create_from(params)
     end
 
     # Sometimes we want to record a link without a 302. Since XHR has to load the redirected
@@ -22,4 +19,11 @@ class ClicksController < ApplicationController
     end
   end
 
+  private
+
+    def track_params
+      params.require(:url)
+      params.permit(:url, :post_id, :topic_id, :redirect)
+    end
+
 end