From a59be0f7f4bf19e7a93ec57d22c0519d4060730f Mon Sep 17 00:00:00 2001
From: aamir-khan <aamir@edx.org>
Date: Wed, 29 Jul 2015 18:49:33 +0500
Subject: [PATCH] ECOM-1947: updated the middleware to exclude the password
 strings from event logging

---
 common/djangoapps/track/middleware.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/common/djangoapps/track/middleware.py b/common/djangoapps/track/middleware.py
index ea5cdd51f1..7f26b05494 100644
--- a/common/djangoapps/track/middleware.py
+++ b/common/djangoapps/track/middleware.py
@@ -63,7 +63,7 @@ class TrackMiddleware(object):
             # files when we change this.
 
             censored_strings = ['password', 'newpassword', 'new_password',
-                                'oldpassword', 'old_password']
+                                'oldpassword', 'old_password', 'new_password1', 'new_password2']
             post_dict = dict(request.POST)
             get_dict = dict(request.GET)
             for string in censored_strings: