From 51a3c6eb44a5dbdf9d7a3cfac678f0d29b0d3eef Mon Sep 17 00:00:00 2001
From: Igor Scheller <igor.scheller@igorshp.de>
Date: Sun, 21 Jul 2019 13:24:47 +0200
Subject: ErrorHandler: Remove some form fields before serialization

---
 src/Middleware/ErrorHandler.php | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

(limited to 'src')

diff --git a/src/Middleware/ErrorHandler.php b/src/Middleware/ErrorHandler.php
index c89edb1a..544f35d5 100644
--- a/src/Middleware/ErrorHandler.php
+++ b/src/Middleware/ErrorHandler.php
@@ -6,6 +6,7 @@ use Engelsystem\Http\Exceptions\HttpException;
 use Engelsystem\Http\Exceptions\ValidationException;
 use Engelsystem\Http\Request;
 use Engelsystem\Http\Response;
+use Illuminate\Support\Arr;
 use Psr\Http\Message\ResponseInterface;
 use Psr\Http\Message\ServerRequestInterface;
 use Psr\Http\Server\MiddlewareInterface;
@@ -20,6 +21,16 @@ class ErrorHandler implements MiddlewareInterface
     /** @var string */
     protected $viewPrefix = 'errors/';
 
+    /**
+     * A list of inputs that are not saved from form input
+     *
+     * @var array
+     */
+    protected $formIgnore = [
+        'password',
+        'password_confirmation',
+    ];
+
     /**
      * @param TwigLoader $loader
      */
@@ -58,7 +69,7 @@ class ErrorHandler implements MiddlewareInterface
                     )
                 );
 
-                $session->set('form-data', $request->request->all());
+                $session->set('form-data', Arr::except($request->request->all(), $this->formIgnore));
             }
         }
 
-- 
cgit v1.2.3-70-g09d2