sensitive_variables handling fails for methods
|Reported by:||Gabriel Hurley||Owned by:||Julien Phalip|
|Has patch:||yes||Needs documentation:||no|
|Needs tests:||no||Patch needs improvement:||no|
When attempting to decorate a class method with the "sensitive_variables" decorator (both with and without the "method_decorator" decorator) the expectation is that the variables will be properly filtered out.
However, that is not the case due to this line: https://github.com/django/django/blob/master/django/views/debug.py#L159
Since methods do not live in the global namespace, they're not found, and thereby the sensitive_variable stripping is bypassed.
This is non-obvious behavior and should either be documented or fixed to behave as expected.
Change History (7)
comment:3 Changed 5 years ago by
|Owner:||changed from Gabriel Hurley to Julien Phalip|
|Severity:||Normal → Release blocker|
|Triage Stage:||Unreviewed → Accepted|