Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

Fixed #12736 -- Fixed the debug page to hide passwords when they are …

…in dictionary structures (like the new DATABASES setting). Thanks to Karen for the report.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@12360 bcc190cf-cafb-0310-a4f2-bffc1f526a37
  • Loading branch information...
commit ee3132078d1c81490489fd989fd5d65581eb216b 1 parent 9a014a3
@freakboy3742 freakboy3742 authored
Showing with 16 additions and 4 deletions.
  1. +16 −4 django/views/debug.py
View
20 django/views/debug.py
@@ -20,15 +20,27 @@ def linebreak_iter(template_source):
p = template_source.find('\n', p+1)
yield len(template_source) + 1
+def cleanse_setting(key, value):
+ """Cleanse an individual setting key/value of sensitive content.
+
+ If the value is a dictionary, recursively cleanse the keys in
+ that dictionary.
+ """
+ if HIDDEN_SETTINGS.search(key):
+ cleansed = '********************'
+ else:
+ if isinstance(value, dict):
+ cleansed = dict((k, cleanse_setting(k, v)) for k,v in value.items())
+ else:
+ cleansed = value
+ return cleansed
+
def get_safe_settings():
"Returns a dictionary of the settings module, with sensitive settings blurred out."
settings_dict = {}
for k in dir(settings):
if k.isupper():
- if HIDDEN_SETTINGS.search(k):
- settings_dict[k] = '********************'
- else:
- settings_dict[k] = getattr(settings, k)
+ settings_dict[k] = cleanse_setting(k, getattr(settings, k))
return settings_dict
def technical_500_response(request, exc_type, exc_value, tb):
Please sign in to comment.
Something went wrong with that request. Please try again.