FIX: scrub all settings that has '_secret' in name

2025-06-03 19:39:30 +08:00 · 2018-05-15 09:37:13 +05:30
parent abcb6af8f9
commit 8d6a9eb511
1 changed files with 1 additions and 6 deletions
--- a/lib/site_setting_extension.rb
+++ b/lib/site_setting_extension.rb
@ -275,16 +275,11 @@ module SiteSettingExtension
    end
  end

-  SECRET_SETTINGS ||= %w{
-    google_oauth2_client_secret twitter_consumer_secret instagram_consumer_secret
-    facebook_app_secret github_client_secret s3_secret_access_key
-  }
-
  def set_and_log(name, value, user = Discourse.system_user)
    prev_value = send(name)
    set(name, value)
    if has_setting?(name)
-      value = prev_value = "[FILTERED]" if SECRET_SETTINGS.include?(name)
+      value = prev_value = "[FILTERED]" if name.to_s =~ /_secret/
      StaffActionLogger.new(user).log_site_setting_change(name, prev_value, value)
    end
  end