From aaaa806e06a58d47b87e1da0928b4a487bfcc64e Mon Sep 17 00:00:00 2001
From: Awilum
Date: Fri, 26 Jun 2020 09:32:44 +0300
Subject: [PATCH] fix(accounts-controller): fix potential vulnerability with raw password saving/viewing.
---
 app/Controllers/AccountsController.php | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/app/Controllers/AccountsController.php b/app/Controllers/AccountsController.php
index 5e6aa76..536f426 100644
--- a/app/Controllers/AccountsController.php
+++ b/app/Controllers/AccountsController.php
@@ -60,6 +60,7 @@ public function index(Request $request, Response $response, array $args) : Respo
 $_path = explode('/', $account['path']);
 $account_to_store['email'] = array_pop($_path);
+ Arr::delete($account, 'password');
 Arr::delete($account, 'hashed_password');
 Arr::delete($account, 'hashed_password_reset');
@@ -521,6 +522,7 @@ public function profile(Request $request, Response $response, array $args) : Res
 $profile['email'] = $email;
 Arr::delete($profile, 'uuid');
+ Arr::delete($profile, 'password');
 Arr::delete($profile, 'hashed_password');
 Arr::delete($profile, 'hashed_password_reset');
 Arr::delete($profile, 'roles');
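Review bot: Both hunks strip the `password` key from the array handed onward, but a deny-list of sensitive key names is fragile — this very commit shows the pattern failing once, since `hashed_password` and `hashed_password_reset` were already being removed while the plaintext `password` key was not. Where `$account` (in `index()`) and `$profile` (in `profile()`) are passed on, building the outgoing array from an explicit allowlist of the fields the page actually needs would close the whole class of leak rather than one key at a time; I cannot see whether the project's `Arr` helper offers an `only`-style method, so the allowlist may have to be built inline. The subject line mentions saving, yet the visible hunks only touch the read paths; if a raw `password` value was ever persisted it is presumably still in the account store and should be cleaned up, and the write path should be checked so that it never stores that key in the first place. A short why-comment above each new line would help the next maintainer, e.g. `// Credential fields (plaintext and hashed) must never reach the view or be stored.` Both `index()` and `profile()` begin and end outside their hunks.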