id summary reporter owner description type status component version severity resolution keywords cc stage has_patch needs_docs needs_tests needs_better_patch easy ui_ux 28217 nested calls to functions decorated with sensitive_post_parameters produces unexpected results which parameters are considered sensitive Peter Zsoldos "can reproduce with Django 1.8, 1.9, and 1.11 Rather than to explain in words, below is the testcase which reproduces the issue. `test_all_outside_should_override_limited_inside` fails, and for `test_what_should_happen_when_both_have_limited_variable_list` I'm not even sure what would be the correct expected result - combine the specified variable list? {{{#!python from django.http import HttpRequest from django.test import SimpleTestCase from django.views.decorators.debug import sensitive_post_parameters class NestingSensitivePostParameterDecoratorsTestCase(SimpleTestCase): def test_all_inside_should_override_limited_ones_outside(self): self.assertEqual( '__ALL__', self.get_request_sensitive_parameters( inner_args=[], outer_args=['foo', 'bar'] ) ) def test_all_outside_should_override_limited_inside(self): self.assertEqual( '__ALL__', self.get_request_sensitive_parameters( inner_args=['foo', 'bar'], outer_args=[] ) ) def test_what_should_happen_when_both_have_limited_variable_list(self): self.assertEqual( ('bar', 'foo'), self.get_request_sensitive_parameters( inner_args=['foo'], outer_args=['bar'] ) ) def get_request_sensitive_parameters(self, inner_args, outer_args): @sensitive_post_parameters(*outer_args) def outer(request): return inner(request) @sensitive_post_parameters(*inner_args) def inner(request): return 'response' request = HttpRequest() outer(request) return request.sensitive_post_parameters }}}" Bug closed Error reporting 1.8 Normal wontfix Unreviewed 0 0 0 0 0 0