[1.5.x] Fixed a remote code execution vulnerabilty in URL reversing.

Thanks Benjamin Bach for the report and initial patch. This is a security fix; disclosure to follow shortly. Backport of 8b93b31487 from master
2025-10-27 07:36:08 +00:00 · 2014-04-20 13:33:59 -04:00
parent d6c685cc78
commit 2a5bcb69f4
5 changed files with 51 additions and 2 deletions
--- a/tests/regressiontests/urlpatterns_reverse/urls.py
+++ b/tests/regressiontests/urlpatterns_reverse/urls.py
@@ -7,6 +7,7 @@ from .views import empty_view, absolute_kwargs_view

 other_patterns = patterns('',
    url(r'non_path_include/$', empty_view, name='non_path_include'),
+    url(r'nested_path/$', 'regressiontests.urlpatterns_reverse.views.nested_view'),
 )

 urlpatterns = patterns('',