Fixed #21056 -- AdminSite.app_index no longer blindly accepts any app-labelish input.
This commit is contained in:
Keryn Knight
Tim Graham
parent
da843e7dba
commit
170f721367
|
|
@ -232,14 +232,25 @@ class AdminSite(object):
|
|||
url(r'^password_change/done/$', wrap(self.password_change_done, cacheable=True), name='password_change_done'),
|
||||
url(r'^jsi18n/$', wrap(self.i18n_javascript, cacheable=True), name='jsi18n'),
|
||||
url(r'^r/(?P<content_type_id>\d+)/(?P<object_id>.+)/$', wrap(contenttype_views.shortcut), name='view_on_site'),
|
||||
url(r'^(?P<app_label>\w+)/$', wrap(self.app_index), name='app_list'),
|
||||
)
|
||||
|
||||
# Add in each model's views.
|
||||
# Add in each model's views, and create a list of valid URLS for the
|
||||
# app_index
|
||||
valid_app_labels = []
|
||||
for model, model_admin in six.iteritems(self._registry):
|
||||
urlpatterns += patterns('',
|
||||
url(r'^%s/%s/' % (model._meta.app_label, model._meta.model_name), include(model_admin.urls))
|
||||
)
|
||||
if model._meta.app_label not in valid_app_labels:
|
||||
valid_app_labels.append(model._meta.app_label)
|
||||
|
||||
# If there were ModelAdmins registered, we should have a list of app
|
||||
# labels for which we need to allow access to the app_index view,
|
||||
if valid_app_labels:
|
||||
regex = r'^(?P<app_label>' + '|'.join(valid_app_labels) + ')/$'
|
||||
urlpatterns += patterns('',
|
||||
url(regex, wrap(self.app_index), name='app_list'),
|
||||
)
|
||||
return urlpatterns
|
||||
|
||||
@property
|
||||
|
|
|
|||
|
|
@ -9,7 +9,7 @@ import unittest
|
|||
from django.conf import settings, global_settings
|
||||
from django.core import mail
|
||||
from django.core.files import temp as tempfile
|
||||
from django.core.urlresolvers import reverse
|
||||
from django.core.urlresolvers import reverse, NoReverseMatch
|
||||
# Register auth models with the admin.
|
||||
from django.contrib.auth import get_permission_codename
|
||||
from django.contrib.admin.helpers import ACTION_CHECKBOX_NAME
|
||||
|
|
@ -640,6 +640,20 @@ class AdminViewBasicTest(AdminViewBasicTestCase):
|
|||
# Check the format of the shown object -- shouldn't contain a change link
|
||||
self.assertContains(response, '<th class="field-__str__">UnchangeableObject object</th>', html=True)
|
||||
|
||||
def test_invalid_appindex_url(self):
|
||||
"""
|
||||
#21056 -- URL reversing shouldn't work for nonexistent apps.
|
||||
"""
|
||||
good_url = '/test_admin/admin/admin_views/'
|
||||
confirm_good_url = reverse('admin:app_list',
|
||||
kwargs={'app_label': 'admin_views'})
|
||||
self.assertEqual(good_url, confirm_good_url)
|
||||
|
||||
with self.assertRaises(NoReverseMatch):
|
||||
reverse('admin:app_list', kwargs={'app_label': 'this_should_fail'})
|
||||
with self.assertRaises(NoReverseMatch):
|
||||
reverse('admin:app_list', args=('admin_views2',))
|
||||
|
||||
|
||||
@override_settings(PASSWORD_HASHERS=('django.contrib.auth.hashers.SHA1PasswordHasher',))
|
||||
class AdminViewFormUrlTest(TestCase):
|
||||
|
|
|
|||
Loading…
Reference in New Issue