Fixed #24333 -- Fixed admin history view crash with non-integer slug.

2015-02-12 13:40:23 -05:00 · 2015-02-12 13:40:23 -05:00 · d64baaef3b
parent a93c5fb2bf
commit d64baaef3b
2 changed files with 11 additions and 2 deletions
--- a/django/contrib/admin/options.py
+++ b/django/contrib/admin/options.py
@ -36,7 +36,6 @@ from django.forms.models import (
 from django.forms.widgets import CheckboxSelectMultiple, SelectMultiple
 from django.http import Http404, HttpResponseRedirect
 from django.http.response import HttpResponseBase
-from django.shortcuts import get_object_or_404
 from django.template.response import SimpleTemplateResponse, TemplateResponse
 from django.utils import six
 from django.utils.decorators import method_decorator
@ -1646,7 +1645,12 @@ class ModelAdmin(BaseModelAdmin):
        from django.contrib.admin.models import LogEntry
        # First check if the user can see this history.
        model = self.model
-        obj = get_object_or_404(self.get_queryset(request), pk=unquote(object_id))
+        obj = self.get_object(request, unquote(object_id))
+        if obj is None:
+            raise Http404(_('%(name)s object with primary key %(key)r does not exist.') % {
+                'name': force_text(model._meta.verbose_name),
+                'key': escape(object_id),
+            })

        if not self.has_change_permission(request, obj):
            raise PermissionDenied
--- a/tests/admin_views/tests.py
+++ b/tests/admin_views/tests.py
@ -1551,6 +1551,11 @@ class AdminViewPermissionsTest(TestCase):

            self.client.get(reverse('admin:logout'))

+    def test_history_view_bad_url(self):
+        self.client.post(reverse('admin:login'), self.changeuser_login)
+        response = self.client.get(reverse('admin:admin_views_article_history', args=('foo',)))
+        self.assertEqual(response.status_code, 404)
+
    def test_conditionally_show_add_section_link(self):
        """
        The foreign key widget should only show the "add related" button if the