Author: russellm Date: 2010-01-30 20:30:02 -0600 (Sat, 30 Jan 2010) New Revision: 12360
Modified: django/trunk/django/views/debug.py
Log: Fixed #12736 -- Fixed the debug page to hide passwords when they are in dictionary structures (like the new DATABASES setting). Thanks to Karen for the report.
Modified: django/trunk/django/views/debug.py
===================================================================
--- django/trunk/django/views/debug.py 2010-01-30 02:25:33 UTC (rev 12359)
+++ django/trunk/django/views/debug.py 2010-01-31 02:30:02 UTC (rev 12360)
@@ -20,15 +20,27 @@
 p = template_source.find('\n', p+1)
 yield len(template_source) + 1
+def cleanse_setting(key, value):
+ """Cleanse an individual setting key/value of sensitive content.
+
+ If the value is a dictionary, recursively cleanse the keys in
+ that dictionary.
+ """
+ if HIDDEN_SETTINGS.search(key):
+ cleansed = '********************'
+ else:
+ if isinstance(value, dict):
+ cleansed = dict((k, cleanse_setting(k, v)) for k,v in value.items())
+ else:
+ cleansed = value
+ return cleansed
+
 def get_safe_settings():
 "Returns a dictionary of the settings module, with sensitive settings blurred out."
 settings_dict = {}
 for k in dir(settings):
 if k.isupper():
- if HIDDEN_SETTINGS.search(k):
- settings_dict[k] = '********************'
- else:
- settings_dict[k] = getattr(settings, k)
+ settings_dict[k] = cleanse_setting(k, getattr(settings, k))
 return settings_dict
 def technical_500_response(request, exc_type, exc_value, tb):
--
You received this message because you are subscribed to the Google Groups "Django updates" group. To post to this group, send email to django-upda...@googlegroups.com. To unsubscribe from this group, send email to django-updates+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-updates?hl=en.
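Review bot: The new `cleanse_setting` recurses only into `dict` values, so a sensitive key that sits inside a list or tuple of dictionaries is returned uncleansed by `get_safe_settings`. The recursion also hands every nested key to `HIDDEN_SETTINGS.search(key)`; HIDDEN_SETTINGS is defined outside this hunk, but if it is a compiled regular expression a non-string key (an integer, say) raises `TypeError` and the error page itself fails to render. Catching `TypeError` around the match and walking lists and tuples covers both cases, as in the excerpt below. Masking remains keyed on the setting name, so a secret stored under an unrelated name or embedded in a value string (a connection URL, for instance) is still shown, which is worth stating in the docstring.

```python
def cleanse_setting(key, value):
    # … unchanged: docstring …
    try:
        hidden = HIDDEN_SETTINGS.search(key)
    except TypeError:
        # Non-string keys cannot be matched by name; still inspect the value.
        hidden = None
    if hidden:
        cleansed = '********************'
    elif isinstance(value, dict):
        cleansed = dict((k, cleanse_setting(k, v)) for k, v in value.items())
    elif isinstance(value, (list, tuple)):
        # Elements have no key of their own; nested dicts are cleansed by their keys.
        items = [cleanse_setting('', v) for v in value]
        cleansed = items if isinstance(value, list) else tuple(items)
    else:
        cleansed = value
    return cleansed
```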