diff --git a/django/contrib/auth/admin.py b/django/contrib/auth/admin.py
index ccf940d..268880f 100644
|
a
|
b
|
from django.utils.safestring import mark_safe
|
| 15 | 15 | from django.utils import six |
| 16 | 16 | from django.utils.translation import ugettext, ugettext_lazy as _ |
| 17 | 17 | from django.views.decorators.csrf import csrf_protect |
| 18 | | from django.views.decorators.debug import sensitive_post_parameters |
| | 18 | from django.views.decorators.debug import sensitive_post_parameters_m |
| 19 | 19 | |
| 20 | 20 | csrf_protect_m = method_decorator(csrf_protect) |
| 21 | 21 | |
| … |
… |
class UserAdmin(admin.ModelAdmin):
|
| 84 | 84 | self.admin_site.admin_view(self.user_change_password)) |
| 85 | 85 | ) + super(UserAdmin, self).get_urls() |
| 86 | 86 | |
| 87 | | @sensitive_post_parameters |
| | 87 | @sensitive_post_parameters_m() |
| 88 | 88 | @csrf_protect_m |
| 89 | 89 | @transaction.commit_on_success |
| 90 | 90 | def add_view(self, request, form_url='', extra_context=None): |
| … |
… |
class UserAdmin(admin.ModelAdmin):
|
| 114 | 114 | return super(UserAdmin, self).add_view(request, form_url, |
| 115 | 115 | extra_context) |
| 116 | 116 | |
| 117 | | @sensitive_post_parameters |
| | 117 | @sensitive_post_parameters_m() |
| 118 | 118 | def user_change_password(self, request, id, form_url=''): |
| 119 | 119 | if not self.has_change_permission(request): |
| 120 | 120 | raise PermissionDenied |
diff --git a/django/views/decorators/debug.py b/django/views/decorators/debug.py
index 5c22296..b6fc11c 100644
|
a
|
b
|
def sensitive_post_parameters(*parameters):
|
| 69 | 69 | return view(request, *args, **kwargs) |
| 70 | 70 | return sensitive_post_parameters_wrapper |
| 71 | 71 | return decorator |
| | 72 | |
| | 73 | |
| | 74 | def sensitive_post_parameters_m(*parameters): |
| | 75 | "sensitive_post_parameters function for class method" |
| | 76 | def decorator(view): |
| | 77 | @functools.wraps(view) |
| | 78 | def sensitive_post_parameters_wrapper(self, request, *args, **kwargs): |
| | 79 | if parameters: |
| | 80 | request.sensitive_post_parameters = parameters |
| | 81 | else: |
| | 82 | request.sensitive_post_parameters = '__ALL__' |
| | 83 | return view(self, request, *args, **kwargs) |
| | 84 | return sensitive_post_parameters_wrapper |
| | 85 | return decorator |
diff --git a/tests/regressiontests/views/views.py b/tests/regressiontests/views/views.py
index 17872ee..0b90224 100644
|
a
|
b
|
from django.shortcuts import render_to_response, render
|
| 9 | 9 | from django.template import Context, RequestContext, TemplateDoesNotExist |
| 10 | 10 | from django.views.debug import technical_500_response, SafeExceptionReporterFilter |
| 11 | 11 | from django.views.decorators.debug import (sensitive_post_parameters, |
| 12 | | sensitive_variables) |
| | 12 | sensitive_post_parameters_m, sensitive_variables) |
| 13 | 13 | from django.utils.log import getLogger |
| 14 | 14 | |
| 15 | 15 | from . import BrokenException, except_args |
| … |
… |
class Klass(object):
|
| 226 | 226 | send_log(request, exc_info) |
| 227 | 227 | return technical_500_response(request, *exc_info) |
| 228 | 228 | |
| 229 | | @sensitive_post_parameters |
| | 229 | @sensitive_post_parameters_m("password", "secret-key") |
| 230 | 230 | def method_post(self, request): |
| 231 | 231 | request.method = 'POST' |
| 232 | 232 | request.POST._mutable = True |