diff --git a/app/controllers/articles_controller.rb b/app/controllers/articles_controller.rb
index e515454..5f065a6 100644
--- a/app/controllers/articles_controller.rb
+++ b/app/controllers/articles_controller.rb
@@ -52,7 +52,7 @@ class ArticlesController < ApplicationController
 # POST /supplier/1/articles
 # POST /supplier/1/articles.xml
 def create
- @article = Article.new(params[:article])
+ @article = Article.new(article_params)
 respond_to do |format|
 if @article.save
 flash[:notice] = 'Article was successfully created.'
@@ -70,7 +70,7 @@ class ArticlesController < ApplicationController
 def update
 @article = @supplier.articles.find(params[:id])
 respond_to do |format|
- if @article.update(params[:article])
+ if @article.update(article_params)
 flash[:notice] = 'Article was successfully updated.'
 format.html { redirect_to supplier_article_url(@article.supplier, @article) }
 format.xml { head :ok }
@@ -144,4 +144,26 @@ class ArticlesController < ApplicationController
 redirect_to supplier_articles_url(@supplier)
 end
+ private
+
+ def article_params
+ params
+ .require(:article)
+ .permit(
+ :name,
+ :number,
+ :note,
+ :manufacturer,
+ :origin,
+ :unit,
+ :price,
+ :tax,
+ :deposit,
+ :unit_quantity,
+ :category,
+ :scale_quantity,
+ :scale_price,
+ :supplier_id
+ )
+ end
 end
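Review bot: `Article.new(article_params)` in `create` is not built through the supplier named in the route, whereas `update` looks its record up with `@supplier.articles.find`. For the nested route `POST /supplier/1/articles` the owning supplier should come from the URL rather than the request body, e.g. `@article = @supplier.articles.build(article_params)`. This assumes `@supplier` is loaded for `create` the same way it is for `update`, which the hunk does not show. The body of `create` continues outside the hunk.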
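Review bot: The permit list in `article_params` includes `:supplier_id`, so both `create` and `update` still let the request body choose the owning supplier. In `update` that means an article found under `@supplier` can be reassigned to a different supplier by the same request. Unless moving articles between suppliers is an intended feature of this form, drop `:supplier_id` from the list and set the association server-side from `@supplier`. If it has to stay, check that the current user may act on the target supplier before saving. A comment above the method such as `# Attributes a client may set on an Article; the supplier is taken from the route.` would record the intent.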