innov
/
django1
1
0
Fork 0
Code Issues Pull Requests 1 Projects Releases Wiki Activity

Fixed #12736 -- Fixed the debug page to hide passwords when they are in dictionary structures (like the new DATABASES setting). Thanks to Karen for the report. 

git-svn-id: http://code.djangoproject.com/svn/django/trunk@12360 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
Russell Keith-Magee 2010-01-31 02:30:02 +00:00
parent 9a014a3a59
commit ee3132078d
1 changed files with 16 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
django/views/debug.py
View File

@ -20,15 +20,27 @@ def linebreak_iter(template_source):
p = template_source.find('\n', p+1) p = template_source.find('\n', p+1)
yield len(template_source) + 1 yield len(template_source) + 1
def cleanse_setting(key, value):
"""Cleanse an individual setting key/value of sensitive content.
If the value is a dictionary, recursively cleanse the keys in
that dictionary.
"""
if HIDDEN_SETTINGS.search(key):
cleansed = '********************'
else:
if isinstance(value, dict):
cleansed = dict((k, cleanse_setting(k, v)) for k,v in value.items())
else:
cleansed = value
return cleansed
def get_safe_settings(): def get_safe_settings():
"Returns a dictionary of the settings module, with sensitive settings blurred out." "Returns a dictionary of the settings module, with sensitive settings blurred out."
settings_dict = {} settings_dict = {}
for k in dir(settings): for k in dir(settings):
if k.isupper(): if k.isupper():
if HIDDEN_SETTINGS.search(k): settings_dict[k] = cleanse_setting(k, getattr(settings, k))
settings_dict[k] = '********************'
else:
settings_dict[k] = getattr(settings, k)
return settings_dict return settings_dict
def technical_500_response(request, exc_type, exc_value, tb): def technical_500_response(request, exc_type, exc_value, tb):