From f09ad263cabe2e781c1994b85375fee8deba4317 Mon Sep 17 00:00:00 2001
From: David Heinemeier Hansson <david@loudthinking.com>
Date: Sun, 20 Dec 2009 20:50:25 -0800
Subject: Turn filter_parameter_logging on by default for password and
 password_confirmation and remove contentless comments

---
 .../rails/app/templates/app/controllers/application_controller.rb | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

(limited to 'railties')

diff --git a/railties/lib/rails/generators/rails/app/templates/app/controllers/application_controller.rb b/railties/lib/rails/generators/rails/app/templates/app/controllers/application_controller.rb
index 6635a3f487..e7991fff92 100644
--- a/railties/lib/rails/generators/rails/app/templates/app/controllers/application_controller.rb
+++ b/railties/lib/rails/generators/rails/app/templates/app/controllers/application_controller.rb
@@ -2,9 +2,7 @@
 # Likewise, all the methods added will be available for all controllers.
 
 class ApplicationController < ActionController::Base
-  helper :all # include all helpers, all the time
-  protect_from_forgery # See ActionController::RequestForgeryProtection for details
-
-  # Scrub sensitive parameters from your log
-  # filter_parameter_logging :password
+  helper :all
+  protect_from_forgery
+  filter_parameter_logging :password, :password_confirmation
 end
-- 
cgit v1.2.3