Backport [7521] to 0.96-bugfixes per security policy; announcement and security bugfix release will be forthcoming.

git-svn-id: http://code.djangoproject.com/svn/django/branches/0.96-bugfixes@7527 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2008-05-14 04:06:46 +00:00 · 2008-05-14 04:06:46 +00:00 · 7791e5c050
parent 7dd2dd08a7
commit 7791e5c050
1 changed files with 2 additions and 1 deletions
--- a/django/contrib/admin/views/decorators.py
+++ b/django/contrib/admin/views/decorators.py
@ -3,6 +3,7 @@ from django.conf import settings
 from django.contrib.auth.models import User
 from django.contrib.auth import authenticate, login
 from django.shortcuts import render_to_response
+from django.utils.html import escape
 from django.utils.translation import gettext_lazy
 import base64, datetime, md5
 import cPickle as pickle
@ -22,7 +23,7 @@ def _display_login_form(request, error_message=''):
        post_data = _encode_post_data({})
    return render_to_response('admin/login.html', {
        'title': _('Log in'),
-        'app_path': request.path,
+        'app_path': escape(request.path),
        'post_data': post_data,
        'error_message': error_message
    }, context_instance=template.RequestContext(request))