From 8d27576948a23738693b8ee3bbe149c2854f13a9 Mon Sep 17 00:00:00 2001
From: MaM Web user
Date: Tue, 7 Sep 2021 19:02:04 +0200
Subject: [PATCH] =?UTF-8?q?Revert=20"Revert=20"Maz=C3=A1n=C3=AD=20POST=20d?=
 =?UTF-8?q?at=20u=20hl=C3=A1=C5=A1ek=20o=20=C5=A1patn=C3=BDch=20formul?=
 =?UTF-8?q?=C3=A1=C5=99=C3=ADch""?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This reverts commit f42bc127049d8bf245b7314bc465caaa3936d988.
---
 mamweb/settings_common.py | 9 +++++++++
 various/log_filters.py | 18 ++++++++++++++++++
 2 files changed, 27 insertions(+)

diff --git a/mamweb/settings_common.py b/mamweb/settings_common.py
index 89204c11..d048567e 100644
--- a/mamweb/settings_common.py
+++ b/mamweb/settings_common.py
@@ -245,6 +245,9 @@ LOGGING = {
 'Http404AsInfo': {
 '()': 'various.log_filters.Http404AsInfoFilter',
 },
+ 'StripSensitiveFormData': {
+ '()': 'various.log_filters.StripSensitiveFormDataFilter',
+ },
 },
 'loggers': {
@@ -258,6 +261,11 @@ LOGGING = {
 'level': 'DEBUG',
 'filters': ['Http404AsInfo'],
 },
+ 'django.security.csrf': {
+ 'handlers': ['none'], # vyřeší propagace?
+ 'level': 'DEBUG',
+ 'filters': ['StripSensitiveFormData'],
+ },
 'seminar.prihlaska.form':{
 'handlers': ['console','registration_logfile'],
@@ -272,6 +280,7 @@ LOGGING = {
 '': {
 'handlers': ['console'], # Add 'mail_admins' in prod and test
 'level': 'DEBUG',
+ 'filters': ['StripSensitiveFormData'],
 },
 },
diff --git a/various/log_filters.py b/various/log_filters.py
index c69c0bae..d0872560 100644
--- a/various/log_filters.py
+++ b/various/log_filters.py
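Review bot: The `'filters': ['StripSensitiveFormData']` entry added to the root logger `''` in the third hunk only runs for records logged directly on the root logger; Python's logging does not apply a logger's filters to records that propagate up from descendants such as `django.request`. Those records reach the root handlers (and `mail_admins`, once it is added as the comment suggests) without passing through the filter, so POST data from the listed forms can still end up in error reports. The second hunk's `django.security.csrf` entry does filter its own records, which also answers the open question in its comment: the record still propagates to ancestor handlers unless `'propagate': False` is set. Attaching the filter to the handlers instead, i.e. `'filters': ['StripSensitiveFormData'],` inside the `console` and `mail_admins` handler definitions (outside this diff), would cover every record those handlers emit.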
@@ -1,6 +1,24 @@
 from logging import Filter, INFO
+from django.urls import reverse
+
 class Http404AsInfoFilter(Filter):
 def filter(self, record):
 if record.name == 'django.request' and record.status_code == 404:
 record.levelno = INFO
 return 1 # Keep the log record
+
+class StripSensitiveFormDataFilter(Filter):
+ def filter(self, record):
+ if hasattr(record, 'request') and record.request.path in [
+ reverse('login'),
+ reverse('logout'),
+ reverse('seminar_prihlaska'),
+ reverse('seminar_resitel_edit'),
+ reverse('reset_password'),
+ reverse('reset_password_done'),
+ reverse('reset_password_confirm'),
+ reverse('reset_password_complete'),
+ reverse('change_password'),
+ ]:
+ record.request.POST=[]
+ return 1
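Review bot: `record.request.POST=[]` in `StripSensitiveFormDataFilter.filter` overwrites the POST data on the live request object rather than on a copy for the log record, so any record that passes through the filter before the view has read the form leaves the view with an empty list instead of a QueryDict. The nine `reverse()` calls also run for every record and compare exact paths; if `reset_password_confirm` takes URL arguments (its URL pattern is not visible here), `reverse()` would raise NoReverseMatch inside the logging call, and a parametrised path could never equal the reversed one anyway. `record.request` is also not guaranteed to be an HttpRequest (Django's `django.server` logger attaches a socket), so `.path` should not be read unguarded. Matching on `request.resolver_match.url_name` and setting `request.sensitive_post_parameters = '__ALL__'`, the attribute Django's `sensitive_post_parameters` decorator sets, avoids all three, though the masking then depends on Django's default exception reporter filter with DEBUG off.

```python
SENSITIVE_URL_NAMES = frozenset({
    'login',
    # … unchanged: the other eight URL names listed in the hunk …
})

class StripSensitiveFormDataFilter(Filter):
    def filter(self, record):
        request = getattr(record, 'request', None)
        match = getattr(request, 'resolver_match', None)
        if match is not None and match.url_name in SENSITIVE_URL_NAMES:
            # Ask Django's exception reporter to mask every POST value
            # instead of emptying the request the view still uses.
            request.sensitive_post_parameters = '__ALL__'
        return True
```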