diff --git a/includes/html/vars.inc.php b/includes/html/vars.inc.php
index cadd941738..20641a9916 100644
--- a/includes/html/vars.inc.php
+++ b/includes/html/vars.inc.php
@@ -10,5 +10,5 @@ foreach ($_POST as $name => $value) {
     $vars[$name] = ($value);
 }
 
-// don't leak login data
-unset($vars['username'], $vars['password'], $uri, $base_url);
+// don't leak login and other data
+unset($vars['username'], $vars['password'], $vars['_token']);