From 3d16ef2bfce339a32f3e98bdffb4dc6614112661 Mon Sep 17 00:00:00 2001
From: Jorran de Wit <jorrandewit@outlook.com>
Date: Fri, 24 Nov 2017 10:41:05 +0100
Subject: [PATCH] Remove privacy data from mails

---
 scipost/views.py            | 6 +++++-
 templates/crsf-failure.html | 2 +-
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/scipost/views.py b/scipost/views.py
index a31485495..da0db506e 100644
--- a/scipost/views.py
+++ b/scipost/views.py
@@ -1325,6 +1325,10 @@ def csrf_failure(request, reason=""):
     Custom CRSF Failure. Informing admins via email as well.
     """
     body = 'Error message: ' + reason + '\nUser: ' + str(request.user)
-    body += '\nRequest GET: ' + str(request.GET) + '\nRequest POST: ' + str(request.POST)
+    body += '\nRequest GET: ' + str(request.GET) + '\nRequest POST: '
+    post_data = dict(request.POST)
+    if 'password' in post_data:
+        post_data['password'] = '******'
+    body += str(post_data)
     mail.mail_admins('CRSF Failure', body)
     return render(request, 'crsf-failure.html')
diff --git a/templates/crsf-failure.html b/templates/crsf-failure.html
index 60d2fbb32..da3a85b8a 100644
--- a/templates/crsf-failure.html
+++ b/templates/crsf-failure.html
@@ -1,6 +1,6 @@
 {% extends 'scipost/base.html' %}
 
-{% block pagetitle %}: 500{% endblock pagetitle %}
+{% block pagetitle %}: CRSF Failure{% endblock pagetitle %}
 
 {% block content %}
 
-- 
GitLab