Merge pull request #160 from publify/limit-admin-article-params

Use known set of allowed attributes when autosaving an Article

app/controllers/admin/articles_controller.rb

@@ -108,7 +108,7 @@ def autosave
 
     fetch_fresh_or_existing_draft_for_article
 
-    @article.attributes = params[:article].permit!
+    @article.assign_attributes(update_params)
 
     @article.author = current_user
     @article.save_attachments!(params[:attachments])