Implemented Censor "password" and "password_confirm" on login/register errors


Active member
If a user is registering or logging in and a server error occurs during the request, the full state of the request gets sent to the error log, including the user's password. I believe this information should censored in the log to protect user privacy and confidence in security.

Censoring the password could pose a problem if somehow the password is related to the server error, so perhaps an override (such as debug mode) should allow the log to be untouched.

I noticed this because Gravatar timed out when a user was registering.