mirror of https://github.com/django/django.git
Fixed #13624: added SIGNATURE to the list of settings to hide on debug pages.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@13315 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
Jacob Kaplan-Moss
parent
3180f93236
commit
2311bcbd01
|
|
@ -12,7 +12,7 @@ from django.utils.importlib import import_module
|
||||||
from django.utils.encoding import smart_unicode, smart_str
|
from django.utils.encoding import smart_unicode, smart_str
|
||||||
|
|
||||||
|
|
||||||
HIDDEN_SETTINGS = re.compile('SECRET|PASSWORD|PROFANITIES_LIST')
|
HIDDEN_SETTINGS = re.compile('SECRET|PASSWORD|PROFANITIES_LIST|SIGNATURE')
|
||||||
|
|
||||||
def linebreak_iter(template_source):
|
def linebreak_iter(template_source):
|
||||||
yield 0
|
yield 0
|
||||||
|
|
|
||||||
|
|
@ -494,8 +494,9 @@ A boolean that turns on/off debug mode.
|
||||||
|
|
||||||
If you define custom settings, `django/views/debug.py`_ has a ``HIDDEN_SETTINGS``
|
If you define custom settings, `django/views/debug.py`_ has a ``HIDDEN_SETTINGS``
|
||||||
regular expression which will hide from the DEBUG view anything that contains
|
regular expression which will hide from the DEBUG view anything that contains
|
||||||
``'SECRET'``, ``'PASSWORD'``, or ``'PROFANITIES'``. This allows untrusted users to
|
``'SECRET'``, ``'PASSWORD'``, ``'PROFANITIES'``, or ``'SIGNATURE'``. This allows
|
||||||
be able to give backtraces without seeing sensitive (or offensive) settings.
|
untrusted users to be able to give backtraces without seeing sensitive (or
|
||||||
|
offensive) settings.
|
||||||
|
|
||||||
Still, note that there are always going to be sections of your debug output that
|
Still, note that there are always going to be sections of your debug output that
|
||||||
are inappropriate for public consumption. File paths, configuration options, and
|
are inappropriate for public consumption. File paths, configuration options, and
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue