Don't populate the password field on signup validation errors (!3691) · Merge requests · GitLab.org / GitLab FOSS · GitLab

Timothy Andrew requested to merge 14552-signup-password-leak into master Apr 13, 2016

Previously, we were pulling params[:user][:password] as the default value for the password field. This is incorrect; we should be pulling it from @user.password or the like.

[Closes #14552 (closed)]

Edited Oct 29, 2021 by 🤖 GitLab Bot 🤖