[2.1.x] Fixed CVE-2018-14574 -- Fixed open redirect possibility in CommonMiddleware.

2025-10-25 22:56:12 +00:00 · 2018-07-24 16:18:17 -04:00
parent b323425661
commit c4e5ff7fdb
8 changed files with 78 additions and 8 deletions
--- a/tests/middleware/urls.py
+++ b/tests/middleware/urls.py
@@ -6,4 +6,6 @@ urlpatterns = [
    url(r'^noslash$', views.empty_view),
    url(r'^slash/$', views.empty_view),
    url(r'^needsquoting#/$', views.empty_view),
+    # Accepts paths with two leading slashes.
+    url(r'^(.+)/security/$', views.empty_view),
 ]