paulmataruso/zulip
1
0
Fork 0
mirror of https://github.com/zulip/zulip.git synced 2025-11-03 21:43:21 +00:00
Code Issues Packages Projects Releases Wiki Activity

Filter out additional sensitive POST params

Browse Source 
This should really be handled on a per-method basis, but in general we
don't want "password" or "key" to be sent to us for security reasons.

Addresses trac #569.

(imported from commit 1c246fce00f3740977c595641341ee36eb5ed831)
This commit is contained in:
Luke Faraone
2012-12-19 02:20:49 -05:00
parent 6173ed509c
commit 44ea8ab973
1 changed files with 6 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
zephyr/filters.py
View File

@@ -2,9 +2,10 @@ from django.views.debug import SafeExceptionReporterFilter
class HumbugExceptionReporterFilter(SafeExceptionReporterFilter):
def get_post_parameters(self, request):
filtered_post = SafeExceptionReporterFilter.get_post_parameters(self, request)
if 'content' in filtered_post:
filtered_post['content'] = '**********'
if 'secret' in filtered_post:
filtered_post['secret'] = '**********'
filtered_post = SafeExceptionReporterFilter.get_post_parameters(self, request).copy()
filtered_vars = ['content', 'secret', 'password', 'key', 'api_key', 'subject', 'stream']
for var in filtered_vars:
if var in filtered_post:
filtered_post[var] = '**********'
return filtered_post