mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-10-24 14:16:09 +00:00
Code Issues 32 Releases Wiki Activity

Fixed #23601 -- Ensured view exists in URLconf before importing it in admindocs.

Browse Source
This commit is contained in:
Markus Holtermann
2014-10-04 19:04:21 +02:00
committed by Tim Graham
parent a24cf21722
commit 2f16ff5a6c
4 changed files with 29 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
docs/releases/1.8.txt
View File

@@ -76,6 +76,14 @@ Minor features
<django.contrib.admin.ModelAdmin.show_full_result_count>` to control whether
or not the full count of objects should be displayed on a filtered admin page.
:mod:`django.contrib.admindocs`
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
* The view to browse view details now checks if the view specified in the URL
exists in the URLconf. Previously it was possible to import arbitrary
packages from the Python path. This was not considered a security issue
because ``admindocs`` is only accessible to staff users.
:mod:`django.contrib.auth`
^^^^^^^^^^^^^^^^^^^^^^^^^^