diff options
author | Russell Keith-Magee <russell@keith-magee.com> | 2010-01-31 02:30:02 +0000 |
---|---|---|
committer | Russell Keith-Magee <russell@keith-magee.com> | 2010-01-31 02:30:02 +0000 |
commit | ee3132078d1c81490489fd989fd5d65581eb216b (patch) | |
tree | 216f853acbd9603d911dc12a00f9cfdd6272e9d9 /django/views | |
parent | 9a014a3a598bb0730319d38690716c474fdb925e (diff) | |
download | django-ee3132078d1c81490489fd989fd5d65581eb216b.tar.gz |
Fixed #12736 -- Fixed the debug page to hide passwords when they are in dictionary structures (like the new DATABASES setting). Thanks to Karen for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@12360 bcc190cf-cafb-0310-a4f2-bffc1f526a37
Diffstat (limited to 'django/views')
-rw-r--r-- | django/views/debug.py | 20 |
1 files changed, 16 insertions, 4 deletions
diff --git a/django/views/debug.py b/django/views/debug.py index b026210dab..18ee28b1f3 100644 --- a/django/views/debug.py +++ b/django/views/debug.py @@ -20,15 +20,27 @@ def linebreak_iter(template_source): p = template_source.find('\n', p+1) yield len(template_source) + 1 +def cleanse_setting(key, value): + """Cleanse an individual setting key/value of sensitive content. + + If the value is a dictionary, recursively cleanse the keys in + that dictionary. + """ + if HIDDEN_SETTINGS.search(key): + cleansed = '********************' + else: + if isinstance(value, dict): + cleansed = dict((k, cleanse_setting(k, v)) for k,v in value.items()) + else: + cleansed = value + return cleansed + def get_safe_settings(): "Returns a dictionary of the settings module, with sensitive settings blurred out." settings_dict = {} for k in dir(settings): if k.isupper(): - if HIDDEN_SETTINGS.search(k): - settings_dict[k] = '********************' - else: - settings_dict[k] = getattr(settings, k) + settings_dict[k] = cleanse_setting(k, getattr(settings, k)) return settings_dict def technical_500_response(request, exc_type, exc_value, tb): |