mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-01-22 16:19:35 +00:00
Code Issues 32 Releases Wiki Activity
django/tests
History
Jacob Kaplan-Moss 174d8db57c Prevented non-admin users from accessing the admin redirect shortcut. 
If the admin shortcut view (e.g. /admin/r/<content-type>/<pk>/) is
publically-accessible, and if a public users can guess a content-type ID
(which isn't hard given that they're sequential), then the redirect view could
possibly leak data by redirecting to pages a user shouldn't "know about." So
the redirect view needs the same protection as the rest of the admin site.

Thanks to Jason Royes for pointing this out.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@15639 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-24 13:34:51 +00:00
..
modeltests
Fixed #15364 -- Ensure files are closed correctly during file tests. Thanks to Mila for the report and patch.
2011-02-21 13:45:29 +00:00
regressiontests
Prevented non-admin users from accessing the admin redirect shortcut.
2011-02-24 13:34:51 +00:00
templates
runtests.py
Fixed using --pair with python's that aren't the system default, when not in the tests directory, and when using the global DJANGO_SETTINGS_MODULE env var.
2011-01-27 00:00:20 +00:00
test_sqlite.py
urls.py