Ticket #8432: Exception notification plugin and parameters with sensitive info

As does seem to be the custom these days...


From the ticket page:

The exception notification plugin doesn't respect filtered parameters and, as a result, emails can be sent out that contain some interesting data (*cough* credit card numbers *cough*).

Attached is a patch (with tests) that uses the controller's param filtering to make sure emails don't contain any surprises.

This fixes a potential security problem for anybody using the ExceptionNotification plugin and processing sensitive information.

-- tim
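
An added illustration of the issue described in the post above. It is not the patch attached to the ticket and not the plugin's own code. It is stand-alone Ruby without Rails; every name in it (`filter_params`, `notification_body`, the key patterns, the sample parameters) is hypothetical, and case-insensitive substring matching on keys is an assumption about how a filter list is applied.

```ruby
# Stand-alone sketch: an error email built from request parameters,
# with and without the application's parameter filter applied first.
FILTERED = "[FILTERED]"

# Return a filtered copy of params: any value whose key contains one of
# the patterns (case-insensitive) is masked. Nested hashes and arrays are
# walked so that sensitive keys deep in the structure are caught too.
def filter_params(params, patterns)
  case params
  when Hash
    params.each_with_object({}) do |(key, value), out|
      sensitive = patterns.any? { |p| key.to_s.downcase.include?(p.to_s.downcase) }
      out[key] = sensitive ? FILTERED : filter_params(value, patterns)
    end
  when Array
    params.map { |item| filter_params(item, patterns) }
  else
    params
  end
end

# Build the text of a notification email. With an empty pattern list the
# parameters are dumped verbatim, which is the behaviour the ticket reports.
def notification_body(error, params, patterns = [])
  ["Error: #{error}", "Parameters:", "  #{filter_params(params, patterns).inspect}"].join("\n")
end

# Constructed sample request parameters (test card number, made-up values).
SAMPLE_PARAMS = {
  "order" => {
    "id" => "1001",
    "card_number" => "4111111111111111",
    "items" => [{ "sku" => "A1", "card_cvv" => "123" }]
  },
  "password" => "hunter2"
}
PATTERNS = [:card, :password] # hypothetical filter list for this app

if __FILE__ == $0
  puts notification_body("payment gateway timeout", SAMPLE_PARAMS)           # leaks values
  puts notification_body("payment gateway timeout", SAMPLE_PARAMS, PATTERNS) # masked
end
```

The point to check in a real application is that the same filter list used for request logging is also applied on every other path that serialises request parameters, such as error emails.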

This is jamis' baby and he's on holiday till the weekend. Looks good to me though, so he'll no doubt apply when he's back.

No problemo—I figured he wouldn't be hanging out on the Rails trac during his vacation :slight_smile:

-- tim