diff --git a/app/controllers/contests_controller.rb b/app/controllers/contests_controller.rb
--- a/app/controllers/contests_controller.rb
+++ b/app/controllers/contests_controller.rb
@@ -66,7 +66,7 @@
     @contest = Contest.find(params[:id])
 
     respond_to do |format|
-      if @contest.update_attributes(params[:contest])
+      if @contest.update_attributes(contests_params)
         flash[:notice] = 'Contest was successfully updated.'
         format.html { redirect_to(@contest) }
         format.xml  { head :ok }
@@ -89,4 +89,10 @@
     end
   end
 
+  private
+
+    def contests_params
+      params.require(:contest).permit(:title,:enabled,:name)
+    end
+
 end