Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

Merge pull request #4690 from jdutil/filter_password_confirmation

Add :password_confirmation as a filtered param by default.
  • Loading branch information...
commit eafa1c429835e099897a0da90bc39d9dbbb7ed4e 2 parents f251437 + 521fedc
@josevalim josevalim authored
View
2  railties/lib/rails/generators/rails/app/templates/config/application.rb
@@ -43,7 +43,7 @@ class Application < Rails::Application
config.encoding = "utf-8"
# Configure sensitive parameters which will be filtered from the log file.
- config.filter_parameters += [:password]
+ config.filter_parameters += [:password, :password_confirmation]
# Use SQL instead of Active Record's schema dumper when creating the database.
# This is necessary if your schema can't be completely dumped by the schema dumper,

5 comments on commit eafa1c4

@carlosantoniodasilva

I do believe parameter filter does that by matching with regexps, which means that the :password key would match both password and password_confirmation. @josevalim can you confirm that please?

@josevalim
Owner

You are right, I will revert the commit.

@JDutil

Interesting I was unaware that it was picked up also by regexp. Guess I've been adding it all this time for nothing.

@benpickles

@jdutil don't feel bad, neither did this guy f09ad26

@vijaydev
Collaborator

@benpickles haha! :)

Please sign in to comment.
Something went wrong with that request. Please try again.