From 4d1633585feddb414a967f0df83be5c63cc0ffad Mon Sep 17 00:00:00 2001
From: Tom Hughes <tom@compton.nu>
Date: Thu, 19 Jul 2007 08:57:03 +0000
Subject: [PATCH] Don't include passwords in the request log.

---
 app/controllers/user_controller.rb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/app/controllers/user_controller.rb b/app/controllers/user_controller.rb
index 5eba0e837..80402f677 100644
--- a/app/controllers/user_controller.rb
+++ b/app/controllers/user_controller.rb
@@ -5,6 +5,8 @@ class UserController < ApplicationController
   before_filter :authorize_web, :only => [:account, :go_public, :view, :diary, :make_friend]
   before_filter :require_user, :only => [:set_home, :account, :go_public, :make_friend]
 
+  filter_parameter_logging :password, :pass_crypt, :pass_crypt_confirmation
+
   def save
     @title = 'create account'
     @user = User.new(params[:user])
-- 
2.43.2