mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-10-31 01:25:32 +00:00
Code Issues 32 Releases Wiki Activity

[1.7.x] Prevented data leakage in contrib.admin via query string manipulation.

Browse Source 
This is a security fix. Disclosure following shortly.
This commit is contained in:
Simon Charette
2014-08-07 00:18:10 -04:00
committed by Tim Graham
parent 1a45d059c7
commit 2b31342cdf
8 changed files with 115 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
docs/ref/exceptions.txt
View File

@@ -56,6 +56,7 @@ SuspiciousOperation
* DisallowedHost
* DisallowedModelAdminLookup
* DisallowedModelAdminToField
* DisallowedRedirect
* InvalidSessionKey
* SuspiciousFileOperation