From 722972518439c42b10fa6e71be72adb6c4c941b1 Mon Sep 17 00:00:00 2001
From: Jordan Brough <git.j@brgh.net>
Date: Wed, 3 Jan 2018 08:49:07 -0700
Subject: [PATCH] Make credit card parameter filtering more specific

Avoid unintentionally filtering out other parameters matching these names. In
particular "number" is a param that shows up in other places is often important
to *have* in the logs.

These days most shops don't have credit card numbers posted directly to their
applications anyway.
---
 core/lib/spree/core/engine.rb | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/core/lib/spree/core/engine.rb b/core/lib/spree/core/engine.rb
index 08f8390934e..89e9126a7ce 100644
--- a/core/lib/spree/core/engine.rb
+++ b/core/lib/spree/core/engine.rb
@@ -3,6 +3,9 @@
 module Spree
   module Core
     class Engine < ::Rails::Engine
+      CREDIT_CARD_NUMBER_PARAM = /payment.*source.*\.number$/
+      CREDIT_CARD_VERIFICATION_VALUE_PARAM = /payment.*source.*\.verification_value$/
+
       isolate_namespace Spree
       engine_name 'spree'
 
@@ -30,8 +33,8 @@ class Engine < ::Rails::Engine
         app.config.filter_parameters += [
           %r{^password$},
           %r{^password_confirmation$},
-          %r{^number$}, # Credit Card number
-          %r{^verification_value$} # Credit Card verification value
+          CREDIT_CARD_NUMBER_PARAM,
+          CREDIT_CARD_VERIFICATION_VALUE_PARAM,
         ]
       end