From 2311bcbd016783d20a64b0b4d745318af0a1c0dd Mon Sep 17 00:00:00 2001 From: Jacob Kaplan-Moss Date: Fri, 28 May 2010 17:25:43 +0000 Subject: [PATCH] Fixed #13624: added SIGNATURE to the list of settings to hide on debug pages. git-svn-id: http://code.djangoproject.com/svn/django/trunk@13315 bcc190cf-cafb-0310-a4f2-bffc1f526a37 --- django/views/debug.py | 2 +- docs/ref/settings.txt | 5 +++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/django/views/debug.py b/django/views/debug.py index 6604bd3dae..a396d36244 100644 --- a/django/views/debug.py +++ b/django/views/debug.py @@ -12,7 +12,7 @@ from django.utils.importlib import import_module from django.utils.encoding import smart_unicode, smart_str -HIDDEN_SETTINGS = re.compile('SECRET|PASSWORD|PROFANITIES_LIST') +HIDDEN_SETTINGS = re.compile('SECRET|PASSWORD|PROFANITIES_LIST|SIGNATURE') def linebreak_iter(template_source): yield 0 diff --git a/docs/ref/settings.txt b/docs/ref/settings.txt index 58f87b9cf4..0101e6ed22 100644 --- a/docs/ref/settings.txt +++ b/docs/ref/settings.txt @@ -494,8 +494,9 @@ A boolean that turns on/off debug mode. If you define custom settings, `django/views/debug.py`_ has a ``HIDDEN_SETTINGS`` regular expression which will hide from the DEBUG view anything that contains -``'SECRET'``, ``'PASSWORD'``, or ``'PROFANITIES'``. This allows untrusted users to -be able to give backtraces without seeing sensitive (or offensive) settings. +``'SECRET'``, ``'PASSWORD'``, ``'PROFANITIES'``, or ``'SIGNATURE'``. This allows +untrusted users to be able to give backtraces without seeing sensitive (or +offensive) settings. Still, note that there are always going to be sections of your debug output that are inappropriate for public consumption. File paths, configuration options, and