1
0
mirror of https://github.com/django/django.git synced 2025-10-23 21:59:11 +00:00

[1.5.x] Fixed #19453 -- Ensured that the decorated function's arguments are obfuscated in the @sensitive_variables decorator's frame, in case the variables associated with those arguments were meant to be obfuscated from the decorated function's frame.

Thanks to vzima for the report.
Backport of 9180146d21
This commit is contained in:
Julien Phalip
2012-12-31 09:34:08 -08:00
parent fd1279a44d
commit dfd8623de4
5 changed files with 137 additions and 28 deletions

View File

@@ -163,6 +163,20 @@ production environment (that is, where :setting:`DEBUG` is set to ``False``):
def my_function():
...
.. admonition:: When using mutiple decorators
If the variable you want to hide is also a function argument (e.g.
'``user``' in the following example), and if the decorated function has
mutiple decorators, then make sure to place ``@sensible_variables`` at
the top of the decorator chain. This way it will also hide the function
argument as it gets passed through the other decorators::
@sensitive_variables('user', 'pw', 'cc')
@some_decorator
@another_decorator
def process_info(user):
...
.. function:: sensitive_post_parameters(*parameters)
If one of your views receives an :class:`~django.http.HttpRequest` object