IntenseWebs/discourse
3
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-02-25 18:55:32 -06:00
Code Issues Packages Projects Releases Wiki Activity

FIX: scrub all settings that has '_secret' in name

Browse Source
This commit is contained in:
Arpit Jalan
2018-05-15 09:37:13 +05:30
parent abcb6af8f9
commit 8d6a9eb511
1 changed files with 1 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
lib/site_setting_extension.rb
View File

@@ -275,16 +275,11 @@ module SiteSettingExtension
end end
end end
SECRET_SETTINGS ||= %w{
google_oauth2_client_secret twitter_consumer_secret instagram_consumer_secret
facebook_app_secret github_client_secret s3_secret_access_key
}
def set_and_log(name, value, user = Discourse.system_user) def set_and_log(name, value, user = Discourse.system_user)
prev_value = send(name) prev_value = send(name)
set(name, value) set(name, value)
if has_setting?(name) if has_setting?(name)
value = prev_value = "[FILTERED]" if SECRET_SETTINGS.include?(name) value = prev_value = "[FILTERED]" if name.to_s =~ /_secret/
StaffActionLogger.new(user).log_site_setting_change(name, prev_value, value) StaffActionLogger.new(user).log_site_setting_change(name, prev_value, value)
end end
end end