After the big news yesterday, I've been trying to find a solid article about how to fix this issue with regard to different versions of Rails, and I'm unable to do so.
The best resource that I have found so far is https://gist.github.com/1978249#file_securing_rails_updates.md, but it only provides one solution: adding ActiveRecord::Base.send(:attr_accessible, nil)
to the initializer. This is also the solution presented here at http://railspikes.com/2008/9/22/is-your-rails-application-safe-from-mass-assignment at a much earlier time.
However, at the same time, I remember seeing in another place that just turning on the configuration: config.active_record.whitelist_attributes = true
should suffice.
I am thoroughly confused. From all these different resources, I need to decide between two solutions that don't have any reference to which versions of Rails they apply to.
Perhaps I had missed a generic article on the fix after the incident, but I had not found a single article on the Rails blog that shows this. I was not able to find it elsewhere; could someone please enlighten me on this? Thanks!
I found this in the gist https://gist.github.com/1978249
Add the following initializer:
config/initializers/disable_mass_assignment.rb
ActiveRecord::Base.send(:attr_accessible, nil)
Looks like a temporary fix to me until Rails core comes up with something better!!
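Added example, not part of the answer above or the linked gist: a plain-Ruby stand-in (it does not load Rails) for what an empty default whitelist does to mass assignment, with the open model beside the locked-down one. `ToyModel`, the other class names and the sample parameters are hypothetical.

```ruby
# Plain-Ruby stand-in for a model layer; NOT ActiveRecord. Class names are hypothetical.
class ToyModel
  class << self
    # nil => no whitelist declared anywhere in the ancestry (every key is assignable).
    def accessible
      return @accessible if instance_variable_defined?(:@accessible)
      superclass.respond_to?(:accessible) ? superclass.accessible : nil
    end
    # Models the idea of attr_accessible: passing nil declares an empty whitelist.
    def attr_accessible(*names)
      @accessible = ((accessible || []) + names.compact.map(&:to_s)).uniq
    end
  end

  attr_reader :attributes, :rejected
  def initialize(params = {})
    @attributes = {}
    @rejected = []
    allowed = self.class.accessible
    params.each do |key, value|
      if allowed.nil? || allowed.include?(key.to_s)
        @attributes[key.to_s] = value  # mass-assigned
      else
        @rejected << key.to_s          # dropped by the whitelist
      end
    end
  end
end

# Before: no global whitelist, so any submitted key is assigned.
class OpenUser < ToyModel; end

# After: the base class denies everything, as the initializer does for ActiveRecord::Base.
class LockedBase < ToyModel
  attr_accessible nil
end
class LockedUser < LockedBase
  attr_accessible :name, :email       # explicit opt-in per model
end
class LockedAudit < LockedBase; end   # declares nothing, so nothing is assignable

# Constructed form parameters; "admin" is a field the form never offered.
SAMPLE_PARAMS = { "name" => "alice", "email" => "alice@example.test", "admin" => true }.freeze

# Returns { class name => [assigned attributes, rejected keys] }.
def mass_assign_report(params = SAMPLE_PARAMS)
  [OpenUser, LockedUser, LockedAudit].map { |k| r = k.new(params); [k.name, [r.attributes, r.rejected]] }.to_h
end
puts mass_assign_report.inspect if __FILE__ == $PROGRAM_NAME
```

With a deny-all base, every model has to list its assignable attributes explicitly, so forms that relied on open assignment stop saving fields until those lists are added.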