From 34e1eef009dbb4672b3d0475c9bd3058dd8f6421 Mon Sep 17 00:00:00 2001
From: baarkerlounger
Date: Thu, 25 Nov 2021 16:42:30 +0000
Subject: [PATCH] Use permitted params
---
 app/controllers/users/account_controller.rb | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/app/controllers/users/account_controller.rb b/app/controllers/users/account_controller.rb
index ae81f02dd..ccbc9cc31 100644
--- a/app/controllers/users/account_controller.rb
+++ b/app/controllers/users/account_controller.rb
@@ -14,8 +14,12 @@ class Users::AccountController < ApplicationController
 end
 def update
- if current_user.update('name': params[:user][:name], 'email': params[:user][:email])
+ if current_user.update(user_params)
 redirect_to(users_account_path)
 end
 end
+
+ def user_params
+ params.require(:user).permit(:email, :name, :password)
+ end
 end
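Review bot: `user_params` permits `:password`, which the old `update` call never passed, so this refactor also lets the account endpoint change the password with no current-password check visible in the hunk. If that is intended, verify the current password before updating (if the app uses Devise, which `current_user` suggests but the hunk does not show, `current_user.update_with_password(...)` with `:current_password` permitted does this); otherwise keep the previous attribute set: `params.require(:user).permit(:email, :name)`. `user_params` is also added in the public section of the controller, so put `private` above it to keep it from being callable as an action. The class starts outside the hunk, so any filters applied to `update` are not visible here.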