From 6d4fa1f9643323e450c1d5fe847a6b2eb47fc21d Mon Sep 17 00:00:00 2001 From: Mark Van Holstyn Date: Wed, 2 Jul 2008 13:55:47 -0400 Subject: [PATCH] allow config.action_controller.filter_parameter_logging in environment.rb --- actionpack/lib/action_controller/base.rb | 5 +++++ railties/environments/environment.rb | 5 +++++ railties/helpers/application.rb | 5 ----- 3 files changed, 10 insertions(+), 5 deletions(-) diff --git a/actionpack/lib/action_controller/base.rb b/actionpack/lib/action_controller/base.rb index 209cdfa..73181be 100755 --- a/actionpack/lib/action_controller/base.rb +++ b/actionpack/lib/action_controller/base.rb @@ -472,6 +472,8 @@ module ActionController #:nodoc: # => reverses the value to all keys matching /secret/i, and # replaces the value to all keys matching /foo|bar/i with "[FILTERED]" def filter_parameter_logging(*filter_words, &block) + filter_words = filter_words.flatten + parameter_filter = Regexp.new(filter_words.collect{ |s| s.to_s }.join('|'), true) if filter_words.length > 0 define_method(:filter_parameters) do |unfiltered_parameters| @@ -497,6 +499,9 @@ module ActionController #:nodoc: protected :filter_parameters end + # So we can declare filter_parameter_logging in the Rails initializer. + alias_method :filter_parameter_logging=, :filter_parameter_logging + # Don't render layouts for templates with the given extensions. def exempt_from_layout(*extensions) regexps = extensions.collect do |extension| diff --git a/railties/environments/environment.rb b/railties/environments/environment.rb index a85ade3..fb0f10c 100644 --- a/railties/environments/environment.rb +++ b/railties/environments/environment.rb @@ -51,6 +51,11 @@ Rails::Initializer.run do |config| :session_key => '_<%= app_name %>_session', :secret => '<%= app_secret %>' } + + # Uncomment this to filter the contents of submitted sensitive data parameters + # from your application log (in this case, all fields with names like "password"). + # See ActionController::Base for more details. + # config.action_controller.filter_parameter_logging = :password # Use the database for sessions instead of the cookie-based default, # which shouldn't be used to store highly confidential information diff --git a/railties/helpers/application.rb b/railties/helpers/application.rb index 0a3ed82..9a79f69 100644 --- a/railties/helpers/application.rb +++ b/railties/helpers/application.rb @@ -7,9 +7,4 @@ class ApplicationController < ActionController::Base # See ActionController::RequestForgeryProtection for details # Uncomment the :secret if you're not using the cookie session store protect_from_forgery # :secret => '<%= app_secret %>' - - # See ActionController::Base for details - # Uncomment this to filter the contents of submitted sensitive data parameters - # from your application log (in this case, all fields with names like "password"). - # filter_parameter_logging :password end -- 1.5.5.3