From 1ce4aedcefb68086918adc4137d75a6f2c0bd1f2 Mon Sep 17 00:00:00 2001
From: Claude Paroz
Date: Mon, 1 Oct 2012 14:17:55 +0200
Subject: [PATCH] Prevented flatpage view from directly accessing settings.SITE_ID

Refs #15089
---
 django/contrib/flatpages/views.py | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/django/contrib/flatpages/views.py b/django/contrib/flatpages/views.py
index 0b462ac5a4..497979e497 100644
--- a/django/contrib/flatpages/views.py
+++ b/django/contrib/flatpages/views.py
@@ -1,9 +1,10 @@
-from django.contrib.flatpages.models import FlatPage
-from django.template import loader, RequestContext
-from django.shortcuts import get_object_or_404
-from django.http import Http404, HttpResponse, HttpResponsePermanentRedirect
 from django.conf import settings
+from django.contrib.flatpages.models import FlatPage
+from django.contrib.sites.models import get_current_site
 from django.core.xheaders import populate_xheaders
+from django.http import Http404, HttpResponse, HttpResponsePermanentRedirect
+from django.shortcuts import get_object_or_404
+from django.template import loader, RequestContext
 from django.utils.safestring import mark_safe
 from django.views.decorators.csrf import csrf_protect
 
@@ -30,14 +31,15 @@ def flatpage(request, url):
 """
 if not url.startswith('/'):
 url = '/' + url
+ site_id = get_current_site(request).id
 try:
 f = get_object_or_404(FlatPage,
- url__exact=url, sites__id__exact=settings.SITE_ID)
+ url__exact=url, sites__id__exact=site_id)
 except Http404:
 if not url.endswith('/') and settings.APPEND_SLASH:
 url += '/'
 f = get_object_or_404(FlatPage,
- url__exact=url, sites__id__exact=settings.SITE_ID)
+ url__exact=url, sites__id__exact=site_id)
 return HttpResponsePermanentRedirect('%s/' % request.path)
 else:
 raise
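Review bot: The added `site_id = get_current_site(request).id` in the second hunk now decides which site scopes both `get_object_or_404` lookups, but the helper's resolution rules are not visible here and the line carries no comment. If `get_current_site` can derive the site from the request's host rather than from `SITE_ID`, the flatpages a client can reach depend on a client-supplied header, so the deployment's host validation becomes part of this view's access boundary. I would add a comment above the line, e.g. `# Site is resolved per request; with a host-based lookup only validated hosts should reach this view.`, and a test asserting that a page attached only to another site returns 404. The diffstat lists only views.py, so no test accompanies the change. The body of `flatpage` starts and ends outside the hunk.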