Diffstat (limited to 'django')
| -rw-r--r-- | django/views/debug.py | 22 | ||||
| -rw-r--r-- | django/views/decorators/debug.py | 4 |
2 files changed, 17 insertions, 9 deletions
diff --git a/django/views/debug.py b/django/views/debug.py
index aaa7e40efe..e5f4c70191 100644
--- a/django/views/debug.py
+++ b/django/views/debug.py
@@ -172,13 +172,12 @@ class SafeExceptionReporterFilter(ExceptionReporterFilter):
 break
 current_frame = current_frame.f_back
- cleansed = []
+ cleansed = {}
 if self.is_active(request) and sensitive_variables:
 if sensitive_variables == '__ALL__':
 # Cleanse all variables
 for name, value in tb_frame.f_locals.items():
- cleansed.append((name, CLEANSED_SUBSTITUTE))
- return cleansed
+ cleansed[name] = CLEANSED_SUBSTITUTE
 else:
 # Cleanse specified variables
 for name, value in tb_frame.f_locals.items():
@@ -187,16 +186,25 @@ class SafeExceptionReporterFilter(ExceptionReporterFilter):
 elif isinstance(value, HttpRequest):
 # Cleanse the request's POST parameters.
 value = self.get_request_repr(value)
- cleansed.append((name, value))
- return cleansed
+ cleansed[name] = value
 else:
 # Potentially cleanse only the request if it's one of the frame variables.
 for name, value in tb_frame.f_locals.items():
 if isinstance(value, HttpRequest):
 # Cleanse the request's POST parameters.
 value = self.get_request_repr(value)
- cleansed.append((name, value))
- return cleansed
+ cleansed[name] = value
+
+ if (tb_frame.f_code.co_name == 'sensitive_variables_wrapper'
+ and 'sensitive_variables_wrapper' in tb_frame.f_locals):
+ # For good measure, obfuscate the decorated function's arguments in
+ # the sensitive_variables decorator's frame, in case the variables
+ # associated with those arguments were meant to be obfuscated from
+ # the decorated function's frame.
+ cleansed['func_args'] = CLEANSED_SUBSTITUTE
+ cleansed['func_kwargs'] = CLEANSED_SUBSTITUTE
+
+ return cleansed.items()
 class ExceptionReporter(object):
 """
diff --git a/django/views/decorators/debug.py b/django/views/decorators/debug.py
index 5c222963d3..78ae6b1442 100644
--- a/django/views/decorators/debug.py
+++ b/django/views/decorators/debug.py
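Review bot: In the second hunk of django/views/debug.py, the new `func_args`/`func_kwargs` substitution appears to sit after the `if self.is_active(request) and sensitive_variables:` chain rather than inside it, so it would apply even when the filter is inactive. If that is a deliberate fail-safe, the comment should say so, e.g. `# Applied even when the filter is inactive, so the wrapper frame never shows raw arguments.` The check also matches only a frame whose code name is `sensitive_variables_wrapper`, so another decorator's wrapper frame holding the same arguments under different local names would presumably still be reported in full. A docstring note that the position of `sensitive_variables` in a decorator chain matters would help users. The method begins above the hunk, so the frame walk that sets `sensitive_variables` is not visible here.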
@@ -26,12 +26,12 @@ def sensitive_variables(*variables):
 """
 def decorator(func):
 @functools.wraps(func)
- def sensitive_variables_wrapper(*args, **kwargs):
+ def sensitive_variables_wrapper(*func_args, **func_kwargs):
 if variables:
 sensitive_variables_wrapper.sensitive_variables = variables
 else:
 sensitive_variables_wrapper.sensitive_variables = '__ALL__'
- return func(*args, **kwargs)
+ return func(*func_args, **func_kwargs)
 return sensitive_variables_wrapper
 return decorator |
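Review bot: The rename to `func_args`/`func_kwargs` makes these local names, and the wrapper's own name, part of an implicit contract with `SafeExceptionReporterFilter`, which overwrites exactly those keys by string match, yet nothing at this site records that. A later cosmetic rename here would silently put the raw arguments back into error reports without any failure in this file. Add a comment above the wrapper such as `# Do not rename: SafeExceptionReporterFilter cleanses func_args/func_kwargs in this frame by name.` The decorator's docstring starts outside the hunk.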
