From dfd8623de4e225e33c334086ff4e2ccdfb07247f Mon Sep 17 00:00:00 2001 From: Julien Phalip Date: Mon, 31 Dec 2012 09:34:08 -0800 Subject: [1.5.x] Fixed #19453 -- Ensured that the decorated function's arguments are obfuscated in the @sensitive_variables decorator's frame, in case the variables associated with those arguments were meant to be obfuscated from the decorated function's frame. Thanks to vzima for the report. Backport of 9180146d21cf2a31eec --- docs/howto/error-reporting.txt | 14 ++++++++++++++ 1 file changed, 14 insertions(+) (limited to 'docs/howto') diff --git a/docs/howto/error-reporting.txt b/docs/howto/error-reporting.txt index 5fbe5eda59..dc51d76d82 100644 --- a/docs/howto/error-reporting.txt +++ b/docs/howto/error-reporting.txt @@ -163,6 +163,20 @@ production environment (that is, where :setting:`DEBUG` is set to ``False``): def my_function(): ... + .. admonition:: When using mutiple decorators + + If the variable you want to hide is also a function argument (e.g. + '``user``' in the following example), and if the decorated function has + mutiple decorators, then make sure to place ``@sensible_variables`` at + the top of the decorator chain. This way it will also hide the function + argument as it gets passed through the other decorators:: + + @sensitive_variables('user', 'pw', 'cc') + @some_decorator + @another_decorator + def process_info(user): + ... + .. function:: sensitive_post_parameters(*parameters) If one of your views receives an :class:`~django.http.HttpRequest` object -- cgit v1.3