p31829507
/
django
mirror of https://github.com/django/django.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
django/tests
History
Jacob Kaplan-Moss 174d8db57c Prevented non-admin users from accessing the admin redirect shortcut. 
If the admin shortcut view (e.g. /admin/r/<content-type>/<pk>/) is
publically-accessible, and if a public users can guess a content-type ID
(which isn't hard given that they're sequential), then the redirect view could
possibly leak data by redirecting to pages a user shouldn't "know about." So
the redirect view needs the same protection as the rest of the admin site.

Thanks to Jason Royes for pointing this out.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@15639 bcc190cf-cafb-0310-a4f2-bffc1f526a37
 		2011-02-24 13:34:51 +00:00
..
modeltests Fixed #15364 -- Ensure files are closed correctly during file tests. Thanks to Mila for the report and patch. 2011-02-21 13:45:29 +00:00
regressiontests Prevented non-admin users from accessing the admin redirect shortcut. 2011-02-24 13:34:51 +00:00
templates Fixed #13897 -- Added tests for pagination feature of the generic object_list view. Thanks, d0ugal and SmileyChris. 2010-10-01 02:01:20 +00:00
runtests.py Fixed using --pair with python's that aren't the system default, when not in the tests directory, and when using the global DJANGO_SETTINGS_MODULE env var. 2011-01-27 00:00:20 +00:00
test_sqlite.py Corrected the way databases were compared. This allows running the test suite with two in memory SQLite databases. 2010-11-19 08:08:08 +00:00
urls.py Fixed #14774 -- the test client and assertNumQueries didn't work well together. Thanks to Jonas Obrist for the initial patch. 2011-01-20 04:47:47 +00:00