From 31841edf70d53d5192850396c9925dc9d19f3281 Mon Sep 17 00:00:00 2001
From: Sebastian Martinez
Date: Thu, 25 Aug 2011 17:17:05 -0300
Subject: [PATCH] Filter session_id on secure requests.

---
 .../views/exception_notifier/_session.text.erb | 2 +-
 test/dummy/test/functional/posts_controller_test.rb | 13 +++++++++++++
 2 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/lib/exception_notifier/views/exception_notifier/_session.text.erb b/lib/exception_notifier/views/exception_notifier/_session.text.erb
index 14c3f2a8..ee018ac0 100644
--- a/lib/exception_notifier/views/exception_notifier/_session.text.erb
+++ b/lib/exception_notifier/views/exception_notifier/_session.text.erb
@@ -1,2 +1,2 @@
-* session id: <%= raw @request.session['session_id'].inspect.html_safe %>
+* session id: <%= @request.ssl? ? "[FILTERED]" : (raw @request.session['session_id'].inspect.html_safe) %>
 * data: <%= raw PP.pp(@request.session, "") %>
diff --git a/test/dummy/test/functional/posts_controller_test.rb b/test/dummy/test/functional/posts_controller_test.rb
index 938a4166..1357a83e 100644
--- a/test/dummy/test/functional/posts_controller_test.rb
+++ b/test/dummy/test/functional/posts_controller_test.rb
@@ -56,4 +56,17 @@ class PostsControllerTest < ActionController::TestCase
     assert @ignored_exception.class.inspect == "ActiveRecord::RecordNotFound"
     assert_nil @ignored_mail
   end
+
+  test "should filter session_id on secure requests" do
+    request.env['HTTPS'] = 'on'
+    begin
+      @post = posts(:one)
+      post :create, :post => @post.attributes
+    rescue => e
+      @secured_mail = ExceptionNotifier::Notifier.exception_notification(request.env, e)
+    end
+
+    assert request.ssl?
+    assert @secured_mail.body.include? "* session id: [FILTERED]\n *"
+  end
 end
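Review bot: The new `[FILTERED]` placeholder on the `* session id:` line is undone by the unchanged `* data:` line directly below it, which dumps the whole session with `PP.pp(@request.session, "")`; since the line above reads the id from `@request.session['session_id']`, that key is part of the dumped hash and the id presumably still lands in the mail on SSL requests. The dump needs the same treatment, e.g. `* data: <%= raw PP.pp(@request.ssl? ? @request.session.to_hash.reject { |k, _| k.to_s == 'session_id' } : @request.session, "") %>`, or the id should be masked in the dump by whatever filter mechanism the notifier already applies to parameters. Gating the filter on `@request.ssl?` is also questionable: a session id in a mailbox is just as usable for hijacking whether the original request came over TLS or not, and `ssl?` behind a reverse proxy depends on forwarded headers being set, so filtering unconditionally would be the safer default.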
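Review bot: The new test only proves the placeholder text appears; it never checks that the real session id is absent from the rest of the body, so a leak through the `* data:` dump would pass unnoticed, and adding a negative check such as `assert !@secured_mail.body.include?(request.session['session_id'].to_s)` guarded by a non-blank id would close that gap. If `post :create` ever stops raising, `@secured_mail` stays `nil` and the final assertion fails with a `NoMethodError` rather than a readable message, so an `assert_not_nil @secured_mail` before the body check would make the failure mode clear. The enclosing `PostsControllerTest` class starts outside this hunk.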