From 8d6a9eb51114b35cab006ed284240e8c84dd3276 Mon Sep 17 00:00:00 2001
From: Arpit Jalan <arpit@techapj.com>
Date: Tue, 15 May 2018 09:37:13 +0530
Subject: [PATCH] FIX: scrub all settings that has '_secret' in name

---
 lib/site_setting_extension.rb | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)

diff --git a/lib/site_setting_extension.rb b/lib/site_setting_extension.rb
index 3fa11ca23ba..8ea79430c92 100644
--- a/lib/site_setting_extension.rb
+++ b/lib/site_setting_extension.rb
@@ -275,16 +275,11 @@ module SiteSettingExtension
     end
   end
 
-  SECRET_SETTINGS ||= %w{
-    google_oauth2_client_secret twitter_consumer_secret instagram_consumer_secret
-    facebook_app_secret github_client_secret s3_secret_access_key
-  }
-
   def set_and_log(name, value, user = Discourse.system_user)
     prev_value = send(name)
     set(name, value)
     if has_setting?(name)
-      value = prev_value = "[FILTERED]" if SECRET_SETTINGS.include?(name)
+      value = prev_value = "[FILTERED]" if name.to_s =~ /_secret/
       StaffActionLogger.new(user).log_site_setting_change(name, prev_value, value)
     end
   end