Commit 2311bcbd authored by Jacob Kaplan-Moss

Fixed #13624: added SIGNATURE to the list of settings to hide on debug pages.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@13315 bcc190cf-cafb-0310-a4f2-bffc1f526a37
parent 3180f932
+1 −1
@@ -12,7 +12,7 @@ from django.utils.importlib import import_module
from django.utils.encoding import smart_unicode, smart_str


HIDDEN_SETTINGS = re.compile('SECRET|PASSWORD|PROFANITIES_LIST')
HIDDEN_SETTINGS = re.compile('SECRET|PASSWORD|PROFANITIES_LIST|SIGNATURE')

def linebreak_iter(template_source):
    yield 0
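
Review bot: the `HIDDEN_SETTINGS` line gains `SIGNATURE` with no comment saying which setting it is meant to cover, and the pattern is still compiled without flags, so it only matches upper-case names. A short comment above the regex naming what each alternative protects would help the next person who extends the list, and if lower-case or mixed-case names should also be masked, pass `re.IGNORECASE`. No test is visible in this change; one asserting that a setting whose name contains `SIGNATURE` is masked on the debug page would keep this from regressing.
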
+3 −2
@@ -494,8 +494,9 @@ A boolean that turns on/off debug mode.

If you define custom settings, `django/views/debug.py`_ has a ``HIDDEN_SETTINGS``
regular expression which will hide from the DEBUG view anything that contains
``'SECRET'``, ``'PASSWORD'``, or ``'PROFANITIES'``. This allows untrusted users to
be able to give backtraces without seeing sensitive (or offensive) settings.
``'SECRET'``, ``'PASSWORD'``, ``'PROFANITIES'``, or ``'SIGNATURE'``. This allows
untrusted users to be able to give backtraces without seeing sensitive (or
offensive) settings.

Still, note that there are always going to be sections of your debug output that
are inappropriate for public consumption. File paths, configuration options, and
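
Review bot: the rewritten sentence still lists ``'PROFANITIES'``, while the regex in the first hunk matches `PROFANITIES_LIST`, so a custom setting named, say, `PROFANITIES_EXTRA` would not be hidden even though the docs imply it would. Since this sentence is being touched anyway, change it to ``'PROFANITIES_LIST'`` so the documented list and the pattern agree. The wording "allows untrusted users to be able to give backtraces" could also be tightened to "lets untrusted users provide backtraces".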