From 44ea8ab973feb9dab937518ce5ecb64bb7402d59 Mon Sep 17 00:00:00 2001
From: Luke Faraone
Date: Wed, 19 Dec 2012 02:20:49 -0500
Subject: [PATCH] Filter out additional sensitive POST params

This should really be handled on a per-method basis, but in general we don't want "password" or "key" to be sent to us for security reasons. Addresses trac #569. (imported from commit 1c246fce00f3740977c595641341ee36eb5ed831)
---
 zephyr/filters.py | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/zephyr/filters.py b/zephyr/filters.py
index 816ac50df1..6ff676de47 100644
--- a/zephyr/filters.py
+++ b/zephyr/filters.py
@@ -2,9 +2,10 @@ from django.views.debug import SafeExceptionReporterFilter
 class HumbugExceptionReporterFilter(SafeExceptionReporterFilter):
 def get_post_parameters(self, request):
- filtered_post = SafeExceptionReporterFilter.get_post_parameters(self, request)
- if 'content' in filtered_post:
- filtered_post['content'] = '**********'
- if 'secret' in filtered_post:
- filtered_post['secret'] = '**********'
+ filtered_post = SafeExceptionReporterFilter.get_post_parameters(self, request).copy()
+ filtered_vars = ['content', 'secret', 'password', 'key', 'api_key', 'subject', 'stream']
+
+ for var in filtered_vars:
+ if var in filtered_post:
+ filtered_post[var] = '**********'
 return filtered_post
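Review bot: The loop over `filtered_vars` matches parameter names exactly and case-sensitively, so a field named, say, `new_password` or `old_password` would still reach the error report unmasked; no such field is visible in this hunk, so this is something to check against the forms and API endpoints. For the credential-like names, consider a substring match, e.g. `for name in list(filtered_post):` with `if name in filtered_vars or any(s in name.lower() for s in ('password', 'secret', 'key')): filtered_post[name] = '**********'`, keeping the exact match for `content`, `subject` and `stream`. The override also covers POST data only, so if `api_key` can arrive in the query string (not visible here) it would need separate handling. A one-line comment above `filtered_vars`, such as `# Masked in error reports: credentials plus message fields that may hold private user text`, would explain why message fields sit next to secrets.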