fix(security): Hide sensible information (#7270) (#7271)

django-cms · Mar 23, 2022 · ddbd1eb · ddbd1eb
1 parent 9e8eb17
commit ddbd1eb
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 1 deletion.
diff --git a/cms/templates/cms/toolbar/toolbar_javascript.html b/cms/templates/cms/toolbar/toolbar_javascript.html
@@ -24,7 +24,7 @@
         'toolbar': '{% language cms_toolbar.request_language %}{% cms_admin_url "cms_usersettings_get_toolbar" %}{% endlanguage %}'
     },
     'lang': {
-        {% if user.is_authenticated %}
+        {% if debug and user.is_authenticated %}
         'debug': '{% filter escapejs %}{% blocktrans %}Development version using django CMS {{ cms_version }}, Django {{ django_version }}, Python {{ python_version }}{% endblocktrans %}{% endfilter %}',
         {% endif %}
         'cancel': '{% filter escapejs %}{% trans "Cancel" %}{% endfilter %}',

diff --git a/cms/toolbar/toolbar.py b/cms/toolbar/toolbar.py
@@ -469,6 +469,8 @@ def render_with_structure(self, context, nodelist):
 
         with force_language(self.toolbar_language):
             # needed to populate the context with sekizai content
+            if 'debug' not in context:
+                context['debug'] = settings.DEBUG
             render_to_string('cms/toolbar/toolbar_javascript.html', flatten_context(context))
 
         # render everything below the tag