#24545: sensitive_post_parameters disclosure in csrf_exempt wrapper
-------------------------------+---------------------------------------
Reporter: H0neyBadger | Owner: nobody
Type: Bug | Status: new
Component: Uncategorized | Version: 1.7
Severity: Normal | Keywords: sensitive_post_parameters
Triage Stage: Unreviewed | Has patch: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------+---------------------------------------
Hello,
I currently developing on 'Django Rest framework' and I try to hide some
parameters in django error report.
Unfortunately, the csrf_exempt method in the Traceback reveals sensitive
post data to the admin
I think adding request in the wrapper should do the trick
{{{
def wrapped_view(request, *args, **kwargs):
return view_func(request, *args, **kwargs)
}}}
Exception filter: SafeExceptionReporterFilter
Decorator : @sensitive_post_parameters
Debug = False
Django 1.7.7
Python 3.4.2
--
Ticket URL: <https://code.djangoproject.com/ticket/24545>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-updates/054.5626b94671a8707a9c1c251cdc34e718%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.
