Fix account param safety

app/controllers/accounts_controller.rb

@@ -33,8 +33,12 @@ class AccountsController < ApplicationController
   end
 
   def account_type_class
-    params[:type].constantize
+    valid_account_types = %w[Checking CreditCard]
-  rescue
+
+    if params[:type].present? && valid_account_types.include?(params[:type])
+      params[:type].constantizes
+    else
       Account # Default to Account if type is not provided or invalid
     end
+  end
 end

config/routes.rb

@@ -6,9 +6,9 @@ Rails.application.routes.draw do
 
   resources :accounts
 
-  scope 'accounts/new' do
+  scope "accounts/new" do
-    scope 'bank' do
+    scope "bank" do
-      get '', to: 'accounts#new_bank', as: 'new_bank'
+      get "", to: "accounts#new_bank", as: "new_bank"
     end
   end