[1.6.x] Fixed a remote code execution vulnerabilty in URL reversing.

Thanks Benjamin Bach for the report and initial patch.

This is a security fix; disclosure to follow shortly.

Backport of 8b93b31487 from master

tests/urlpatterns_reverse/urls.py

@@ -7,6 +7,7 @@ from .views import empty_view, absolute_kwargs_view
 
 other_patterns = patterns('',
     url(r'non_path_include/$', empty_view, name='non_path_include'),
+    url(r'nested_path/$', 'urlpatterns_reverse.views.nested_view'),
 )
 
 urlpatterns = patterns('',