mirror of
https://github.com/django/django.git
synced 2024-12-24 10:05:46 +00:00
174d8db57c
If the admin shortcut view (e.g. /admin/r/<content-type>/<pk>/) is publically-accessible, and if a public users can guess a content-type ID (which isn't hard given that they're sequential), then the redirect view could possibly leak data by redirecting to pages a user shouldn't "know about." So the redirect view needs the same protection as the rest of the admin site. Thanks to Jason Royes for pointing this out. git-svn-id: http://code.djangoproject.com/svn/django/trunk@15639 bcc190cf-cafb-0310-a4f2-bffc1f526a37 |
||
---|---|---|
.. | ||
modeltests | ||
regressiontests | ||
templates | ||
runtests.py | ||
test_sqlite.py | ||
urls.py |