diff --git a/app/controllers/profiles_controller.rb b/app/controllers/profiles_controller.rb
index ef1ec28e4..c82b1f43b 100644
--- a/app/controllers/profiles_controller.rb
+++ b/app/controllers/profiles_controller.rb
@@ -33,7 +33,7 @@ class ProfilesController < ApplicationController
 
   def update
     # upload and set new profile photo
-    @profile_attrs = params[:profile] || {}
+    @profile_attrs = params.require(:profile).permit(:first_name, :last_name, :gender, :bio, :location, :searchable, :tag_string, :nsfw, :date => [:year, :month, :day]) || {}
     
     munge_tag_string