Django/django
11
0
Fork 0
Code Pull Requests Projects Releases Activity
django/tests
History
Jacob Kaplan-Moss 062cbfb1ec [1.2.X] Prevented non-admin users from accessing the admin redirect shortcut. 
If the admin shortcut view (e.g. /admin/r/<content-type>/<pk>/) is
publically-accessible, and if a public users can guess a content-type ID
(which isn't hard given that they're sequential), then the redirect view could
possibly leak data by redirecting to pages a user shouldn't "know about." So
the redirect view needs the same protection as the rest of the admin site.

Thanks to Jason Royes for pointing this out.

Backport of [15639] from trunk.

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.2.X@15640 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-02-24 13:38:32 +00:00
..
modeltests
[1.2.X] Fixed #15364 -- Ensure files are closed correctly during file tests. Thanks to Mila for the report and patch.
2011-02-21 14:06:12 +00:00
regressiontests
[1.2.X] Prevented non-admin users from accessing the admin redirect shortcut.
2011-02-24 13:38:32 +00:00
templates
Fixed #11949 -- Added a hook to allow ModelAdmin customization of the delete selected template. Thanks to bendavis78 for the report and patch, and Ramiro Morales for his cleanup work.
2010-04-05 12:02:27 +00:00
runtests.py
[1.2.X] Fixed #10420 -- GeoDjango tests are run as part of Django tests when using spatial database backends with runtests.py.
2010-12-21 23:43:04 +00:00
test_sqlite.py
[1.2.X] Corrected the way databases were compared. This allows running the test suite with two in memory SQLite databases. Backport of [14619].
2010-11-19 08:15:40 +00:00
urls.py
Fixed #6094 -- Middleware exceptions are now caught by the core handler. Thanks, isagalaev
2010-01-10 17:35:01 +00:00