Permalink
Browse files

Merge pull request #4690 from jdutil/filter_password_confirmation

Add :password_confirmation as a filtered param by default.
  • Loading branch information...
2 parents f251437 + 521fedc commit eafa1c429835e099897a0da90bc39d9dbbb7ed4e @josevalim josevalim committed Jan 26, 2012
Showing with 1 addition and 1 deletion.
  1. +1 −1 railties/lib/rails/generators/rails/app/templates/config/application.rb
@@ -43,7 +43,7 @@ class Application < Rails::Application
config.encoding = "utf-8"
# Configure sensitive parameters which will be filtered from the log file.
- config.filter_parameters += [:password]
+ config.filter_parameters += [:password, :password_confirmation]
# Use SQL instead of Active Record's schema dumper when creating the database.
# This is necessary if your schema can't be completely dumped by the schema dumper,

5 comments on commit eafa1c4

I do believe parameter filter does that by matching with regexps, which means that the :password key would match both password and password_confirmation. @josevalim can you confirm that please?

Contributor

josevalim replied Jan 26, 2012

You are right, I will revert the commit.

Contributor

JDutil replied Jan 26, 2012

Interesting I was unaware that it was picked up also by regexp. Guess I've been adding it all this time for nothing.

Contributor

benpickles replied Jan 26, 2012

@JDutil don't feel bad, neither did this guy f09ad26

Member

vijaydev replied Jan 26, 2012

@benpickles haha! :)

Please sign in to comment.