Fixed #13624: added SIGNATURE to the list of settings to hide on debug pages.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@13315 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
Jacob Kaplan-Moss 2010-05-28 17:25:43 +00:00
parent 3180f93236
commit 2311bcbd01
2 changed files with 4 additions and 3 deletions

View File

@ -12,7 +12,7 @@ from django.utils.importlib import import_module
from django.utils.encoding import smart_unicode, smart_str
HIDDEN_SETTINGS = re.compile('SECRET|PASSWORD|PROFANITIES_LIST')
HIDDEN_SETTINGS = re.compile('SECRET|PASSWORD|PROFANITIES_LIST|SIGNATURE')
def linebreak_iter(template_source):
yield 0

View File

@ -494,8 +494,9 @@ A boolean that turns on/off debug mode.
If you define custom settings, `django/views/debug.py`_ has a ``HIDDEN_SETTINGS``
regular expression which will hide from the DEBUG view anything that contains
``'SECRET'``, ``'PASSWORD'``, or ``'PROFANITIES'``. This allows untrusted users to
be able to give backtraces without seeing sensitive (or offensive) settings.
``'SECRET'``, ``'PASSWORD'``, ``'PROFANITIES'``, or ``'SIGNATURE'``. This allows
untrusted users to be able to give backtraces without seeing sensitive (or
offensive) settings.
Still, note that there are always going to be sections of your debug output that
are inappropriate for public consumption. File paths, configuration options, and