Fixed #19453 -- Ensured that the decorated function's arguments are obfuscated in the @sensitive_variables decorator's frame, in case the variables associated with those arguments were meant to be obfuscated from the decorated function's frame.

Thanks to vzima for the report.

1 files changed, 14 insertions, 0 deletions

diff --git a/docs/howto/error-reporting.txt b/docs/howto/error-reporting.txt
index 35add32e4c..98b3b4e4d8 100644
--- a/docs/howto/error-reporting.txt
+++ b/docs/howto/error-reporting.txt
@@ -153,6 +153,20 @@ production environment (that is, where :setting:`DEBUG` is set to ``False``):
         def my_function():
             ...
 
+    .. admonition:: When using mutiple decorators
+
+        If the variable you want to hide is also a function argument (e.g.
+        '``user``' in the following example), and if the decorated function has
+        mutiple decorators, then make sure to place ``@sensible_variables`` at
+        the top of the decorator chain. This way it will also hide the function
+        argument as it gets passed through the other decorators::
+
+            @sensitive_variables('user', 'pw', 'cc')
+            @some_decorator
+            @another_decorator
+            def process_info(user):
+                ...
+
 .. function:: sensitive_post_parameters(*parameters)
 
     If one of your views receives an :class:`~django.http.HttpRequest` object