FIX: scrub all settings that has '_secret' in name

This commit is contained in:
Arpit Jalan 2018-05-15 09:37:13 +05:30
parent abcb6af8f9
commit 8d6a9eb511
1 changed files with 1 additions and 6 deletions

View File

@ -275,16 +275,11 @@ module SiteSettingExtension
end end
end end
SECRET_SETTINGS ||= %w{
google_oauth2_client_secret twitter_consumer_secret instagram_consumer_secret
facebook_app_secret github_client_secret s3_secret_access_key
}
def set_and_log(name, value, user = Discourse.system_user) def set_and_log(name, value, user = Discourse.system_user)
prev_value = send(name) prev_value = send(name)
set(name, value) set(name, value)
if has_setting?(name) if has_setting?(name)
value = prev_value = "[FILTERED]" if SECRET_SETTINGS.include?(name) value = prev_value = "[FILTERED]" if name.to_s =~ /_secret/
StaffActionLogger.new(user).log_site_setting_change(name, prev_value, value) StaffActionLogger.new(user).log_site_setting_change(name, prev_value, value)
end end
end end