
Fixed #799: any setting with "SECRET" or "PASSWORD" in the name is es…

…caped in the debug view output (this can be expanded if there are other "naughty words" we want to strip out in the future). Thanks, Ian

git-svn-id: http://code.djangoproject.com/svn/django/trunk@1242 bcc190cf-cafb-0310-a4f2-bffc1f526a37
commit d6aa904487527d468a6b8bc097028d7af9a668e6 1 parent 705a568
Jacob Kaplan-Moss authored November 15, 2005

Showing 1 changed file with 15 additions and 2 deletions. Show diff stats Hide diff stats

  1. 17  django/views/debug.py
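--- a/django/views/debug.py
+++ b/django/views/debug.py
@@ -1,3 +1,4 @@
+import re
 import os
 import sys
 import inspect
@@ -6,6 +7,8 @@
 from django.core.template import Template, Context
 from django.utils.httpwrappers import HttpResponseServerError, HttpResponseNotFound
 
+HIDDEN_SETTINGS = re.compile('SECRET|PASSWORD')
+
 def technical_500_response(request, exc_type, exc_value, tb):
     """
     Create a technical server error response.  The last three arguments are
@@ -30,7 +33,17 @@ def technical_500_response(request, exc_type, exc_value, tb):
             'pre_context_lineno' : pre_context_lineno,
         })
         tb = tb.tb_next
-        
+    
+    # Turn the settings module into a dict, filtering out anything that 
+    # matches HIDDEN_SETTINGS along the way.
+    settings_dict = {}
+    for k in dir(settings):
+        if k.isupper():
+            if HIDDEN_SETTINGS.search(k):
+                settings_dict[k] = '********************'
+            else:
+                settings_dict[k] = getattr(settings, k)
+                
     t = Template(TECHNICAL_500_TEMPLATE)
     c = Context({
         'exception_type' : exc_type.__name__,
@@ -39,7 +52,7 @@ def technical_500_response(request, exc_type, exc_value, tb):
         'lastframe' : frames[-1],
         'request' : request,
         'request_protocol' : os.environ.get("HTTPS") == "on" and "https" or "http",
-        'settings' : dict([(k, getattr(settings, k)) for k in dir(settings) if k.isupper()]),
+        'settings' : settings_dict,
         
     })
     return HttpResponseServerError(t.render(c))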
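Review bot: The `HIDDEN_SETTINGS` pattern masks only names containing `SECRET` or `PASSWORD`, so in the new loop a setting that holds a credential under another name (for example one ending in `_KEY` or `_TOKEN`, or spelled `PASSWD`) is still copied into `settings_dict` via `getattr(settings, k)` and rendered on the 500 page. Masking is also by top-level name only, so a dict- or tuple-valued setting that carries a password inside it is passed through whole. I would widen the pattern, e.g. `HIDDEN_SETTINGS = re.compile('SECRET|PASSWORD|PASSWD|TOKEN|KEY')`, and add a comment above it such as `# Best-effort denylist of setting-name substrings; values are not inspected, so keep the debug view off in production.` The body of technical_500_response is only partly visible in these hunks.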
