Closed helenaut closed 12 years ago
line 50 event = Event.new(params[:event]) because of mass assignment w/out attr accessible.
potentially malicious - not sure: line 10 @event_strips = Event.event_strips_for_month(@shown_month, :include => :nurse, :conditions => "nurses.unit_id = #{@unit_id} and nurses.shift = '#{@shift}'") UPDATE: rx says potentially malicious; change it to the '?' notation
Risk 1
line 50 event = Event.new(params[:event]) because of mass assignment w/out attr accessible.
Risk 2
potentially malicious - not sure: line 10 @event_strips = Event.event_strips_for_month(@shown_month, :include => :nurse, :conditions => "nurses.unit_id = #{@unit_id} and nurses.shift = '#{@shift}'") UPDATE: rx says potentially malicious; change it to the '?' notation