mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-10-31 09:41:08 +00:00
Code Issues 32 Releases Wiki Activity

Refs #17209 -- Removed login/logout and password reset/change function-based views.

Browse Source 
Per deprecation timeline.
This commit is contained in:
Tim Graham
2017-09-02 19:24:18 -04:00
parent deb592b3e3
commit 4f313e284e
30 changed files with 42 additions and 870 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
docs/releases/1.4.18.txt
View File

@@ -35,7 +35,7 @@ Mitigated possible XSS attack via user-supplied redirect URLs
=============================================================
Django relies on user input in some cases (e.g.
:func:`django.contrib.auth.views.login` and :doc:`i18n </topics/i18n/index>`)
``django.contrib.auth.views.login()`` and :doc:`i18n </topics/i18n/index>`)
to redirect the user to an "on success" URL. The security checks for these
redirects (namely ``django.utils.http.is_safe_url()``) didn't strip leading
whitespace on the tested URL and as such considered URLs like