mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-10-31 09:41:08 +00:00
Code Issues 32 Releases Wiki Activity

Removed contrib.comments per deprecation timeline.

Browse Source
This commit is contained in:
Tim Graham
2014-03-21 07:05:36 -04:00
parent 35f46ec7a9
commit aa93a1890f
225 changed files with 23 additions and 27552 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
docs/releases/1.4.6.txt
View File

@@ -13,7 +13,7 @@ Mitigated possible XSS attack via user-supplied redirect URLs
-------------------------------------------------------------
Django relies on user input in some cases (e.g.
:func:`django.contrib.auth.views.login`, :mod:`django.contrib.comments`, and
:func:`django.contrib.auth.views.login`, ``django.contrib.comments``, and
:doc:`i18n </topics/i18n/index>`) to redirect the user to an "on success" URL.
The security checks for these redirects (namely
``django.util.http.is_safe_url()``) didn't check if the scheme is ``http(s)``