django1

Commit Graph

Author	SHA1	Message	Date
Simon Charette	53ff096982	Prevented data leakage in contrib.admin via query string manipulation. This is a security fix. Disclosure following shortly.	2014-08-20 14:39:40 -04:00
Preston Holmes	d228c1192e	Fixed #19866 -- Added security logger and return 400 for SuspiciousOperation. SuspiciousOperations have been differentiated into subclasses, and are now logged to a 'django.security.*' logger. SuspiciousOperations that reach django.core.handlers.base.BaseHandler will now return a 400 instead of a 500. Thanks to tiwoc for the report, and Carl Meyer and Donald Stufft for review.	2013-05-25 16:27:34 -07:00

Author

SHA1

Message

Date

Simon Charette

53ff096982

Prevented data leakage in contrib.admin via query string manipulation.

This is a security fix. Disclosure following shortly.

2014-08-20 14:39:40 -04:00

Preston Holmes

d228c1192e

Fixed #19866 -- Added security logger and return 400 for SuspiciousOperation.

SuspiciousOperations have been differentiated into subclasses, and
are now logged to a 'django.security.*' logger. SuspiciousOperations
that reach django.core.handlers.base.BaseHandler will now return a 400
instead of a 500.

Thanks to tiwoc for the report, and Carl Meyer and Donald Stufft
for review.

2013-05-25 16:27:34 -07:00

2 Commits