Skip to content
This repository

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse code

Fixed #12736 -- Fixed the debug page to hide passwords when they are …

…in dictionary structures (like the new DATABASES setting). Thanks to Karen for the report.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@12360 bcc190cf-cafb-0310-a4f2-bffc1f526a37
  • Loading branch information...
commit ee3132078d1c81490489fd989fd5d65581eb216b 1 parent 9a014a3
Russell Keith-Magee authored January 31, 2010

Showing 1 changed file with 16 additions and 4 deletions. Show diff stats Hide diff stats

  1. 20  django/views/debug.py
20  django/views/debug.py
@@ -20,15 +20,27 @@ def linebreak_iter(template_source):
20 20
         p = template_source.find('\n', p+1)
21 21
     yield len(template_source) + 1
22 22
 
  23
+def cleanse_setting(key, value):
  24
+    """Cleanse an individual setting key/value of sensitive content.
  25
+
  26
+    If the value is a dictionary, recursively cleanse the keys in
  27
+    that dictionary.
  28
+    """
  29
+    if HIDDEN_SETTINGS.search(key):
  30
+        cleansed = '********************'
  31
+    else:
  32
+        if isinstance(value, dict):
  33
+            cleansed = dict((k, cleanse_setting(k, v)) for k,v in value.items())
  34
+        else:
  35
+            cleansed = value
  36
+    return cleansed
  37
+
23 38
 def get_safe_settings():
24 39
     "Returns a dictionary of the settings module, with sensitive settings blurred out."
25 40
     settings_dict = {}
26 41
     for k in dir(settings):
27 42
         if k.isupper():
28  
-            if HIDDEN_SETTINGS.search(k):
29  
-                settings_dict[k] = '********************'
30  
-            else:
31  
-                settings_dict[k] = getattr(settings, k)
  43
+            settings_dict[k] = cleanse_setting(k, getattr(settings, k))
32 44
     return settings_dict
33 45
 
34 46
 def technical_500_response(request, exc_type, exc_value, tb):

0 notes on commit ee31320

Please sign in to comment.
Something went wrong with that request. Please try again.