[1.7.x] Prevented reverse() from generating URLs pointing to other hosts.

This is a security fix. Disclosure following shortly.
2025-10-25 06:36:07 +00:00 · 2014-07-17 21:59:28 +02:00
parent 1c00c38b4a
commit bf650a2ee7
6 changed files with 50 additions and 1 deletions
--- a/tests/urlpatterns_reverse/urls.py
+++ b/tests/urlpatterns_reverse/urls.py
@@ -66,4 +66,7 @@ urlpatterns = patterns('',
    (r'defaults_view2/(?P<arg1>\d+)/', 'defaults_view', {'arg2': 2}, 'defaults'),

    url('^includes/', include(other_patterns)),
+
+    # Security tests
+    url('(.+)/security/$', empty_view, name='security'),
 )