Since Django only blanks out passwords in request.POST if the key is 'PASSWORD', and it's a one-line change, we should flip on Jeff's HidPasswordOnException middleware.
Would be nice this year but not critical for 2.3. Will revisit if we come out ahead.
Target Milestone: 2.3 → 2.4
Component: Code Quality → Users and Groups
Status: NEW → RESOLVED
Last Resolved: 7 years ago
Resolution: --- → FIXED
Please add verification steps or [qa-], thanks
Technically this could be verified by receiving a stack trace with a password in a field like "password2" and having it replaced with stars. But I have no idea how to cause that stack trace. If you find one, feel free to verify this and file a bug for the stack trace ;)
Closed as [qa-]
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.