Hide passwords in crash reports
There was a bug where if a crash occurred while registering or logging in, passwords were revealed in the list of POST parameters in email crash reports. This fix replaces them with asterisks.
There are two commits here. The most recent commit is code that is good to go for production (as far as I can tell). The earlier commit is mostly the same, but also includes testing code that manually sends crash reports when you login or register.
To test this on your devstack:
1. Check out the earlier of these two commits (433477abe412615309b3d9a15d7db07cb5dfce9a)
2. Run the LMS. I recommend redirecting stdout to some file since the crash reports (and all emails) are printed to the console, or at least were for me. The crash reports have a lot of HTML at then end that it's a pain to scroll up through to find the list of POST parameters.
3. Login or register.
4. Find the list of POST parameters in the crash report. (I just search for `password`).
5. The `password` parameter should show a string of asterisks for its value.