mirror of
https://github.com/django/django.git
synced 2024-11-18 23:44:22 +00:00
174d8db57c
If the admin shortcut view (e.g. /admin/r/<content-type>/<pk>/) is publically-accessible, and if a public users can guess a content-type ID (which isn't hard given that they're sequential), then the redirect view could possibly leak data by redirecting to pages a user shouldn't "know about." So the redirect view needs the same protection as the rest of the admin site. Thanks to Jason Royes for pointing this out. git-svn-id: http://code.djangoproject.com/svn/django/trunk@15639 bcc190cf-cafb-0310-a4f2-bffc1f526a37 |
||
---|---|---|
.. | ||
fixtures | ||
__init__.py | ||
customadmin.py | ||
forms.py | ||
models.py | ||
tests.py | ||
urls.py | ||
views.py |