Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

Fixed #21098 -- Applied sensitive_post_parameters to MultiValueDict #1624

Closed
wants to merge 1 commit into
from

Conversation

Projects
None yet
1 participant
Owner

timgraham commented Sep 12, 2013

Getting an error in MultiValueDict on a POST, such as doing request.POST['foo'], will leak the POST data without any escaping by Django, i.e. the MultiValueDictKeyError contains an unescaped repr of request.POST, no matter if you've added for instance @sensitive_post_parameters("password").

https://code.djangoproject.com/ticket/21098

Owner

timgraham commented Sep 18, 2013

merged in 2daada8

@timgraham timgraham closed this Sep 18, 2013

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment