django1/django/contrib/auth
Jacob Kaplan-Moss 6e748b5db4 Fixed #11457: tightened the security check for "next" redirects after logins.
The new behavior still disallows redirects to off-site URLs, but now allows
redirects of the form `/some/other/view?foo=http://...`.

Thanks to brutasse.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@12635 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-03-01 19:58:53 +00:00
fixtures Refs #7521 -- Re-reverted [7716] (originally reverted in [7726]), now modified to use the new TestCase urlpattern framework. 2008-06-30 13:11:12 +00:00
handlers Small change to modpython auth handler to support Apache 2.2 2007-09-15 18:36:31 +00:00
management Fixed #6273 -- Added a 'changepassword' management command. Thanks to Ludvig Ericson and Justin Lilly for their work on this patch. 2010-01-29 08:10:29 +00:00
tests Fixed #11457: tightened the security check for "next" redirects after logins. 2010-03-01 19:58:53 +00:00
__init__.py Fixed #12557 - AnonymousUser should check auth backends for permissions 2010-01-28 01:47:23 +00:00
admin.py Fixed #12804 - regression with decorating admin views. 2010-02-09 15:02:39 +00:00
backends.py Fixed #12729 -- Replaced a hard-coded SQL statement with an ORM query so that the contrib.auth ModelBackend will work on a routed multi-db setup. Thanks to dhageman for the report. 2010-02-23 12:02:41 +00:00
context_processors.py Fixed #12066 - Moved auth context processor from core to the auth app. Thanks, Rob Hudson. 2010-02-21 23:40:47 +00:00
create_superuser.py Fixed #7392 -- Corrected a typo in the backwards-compatibility layer to the new createsuperuser command. 2008-06-08 08:45:14 +00:00
decorators.py Fixed #12804 - regression with decorating admin views. 2010-02-09 15:02:39 +00:00
forms.py Fixed #5786: relaxed the validation for usernames to allow more common characters '@', etc. 2010-03-01 19:49:05 +00:00
middleware.py Fixed #689 -- Added a middleware and authentication backend to contrib.auth for supporting external authentication solutions. Thanks to all who contributed to this patch, including Ian Holsman, garthk, Koen Biermans, Marc Fargas, ekarulf, and Ramiro Morales. 2009-03-15 05:54:28 +00:00
models.py Fixed #5786: relaxed the validation for usernames to allow more common characters '@', etc. 2010-03-01 19:49:05 +00:00
tokens.py Fixed #10265: fixed a bug when generating a password reset token for a user created on the same request. Thanks, crucialfelix. 2009-04-01 21:25:24 +00:00
urls.py Tests for password change process. Thanks, Mike Richardson. Fixed #8402. 2008-08-23 18:20:49 +00:00
views.py Fixed #11457: tightened the security check for "next" redirects after logins. 2010-03-01 19:58:53 +00:00