summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorTim Graham <timograham@gmail.com>2015-02-12 13:40:23 -0500
committerTim Graham <timograham@gmail.com>2015-02-12 14:20:17 -0500
commit03f4e2d90997aec4c8f57c5c9b7925d70194327e (patch)
tree8c3ab744b138a86e9a302c8593f83b55c412b431
parent6476fa73d3ce03eac1a5a05e839257316da992db (diff)
[1.8.x] Fixed #24333 -- Fixed admin history view crash with non-integer slug.
Backport of d64baaef3b95abe9ae5d07317c9bf4df02cb8592 from master
-rw-r--r--django/contrib/admin/options.py8
-rw-r--r--tests/admin_views/tests.py5
2 files changed, 11 insertions, 2 deletions
diff --git a/django/contrib/admin/options.py b/django/contrib/admin/options.py
index 7ea550ddd1..8bc50de33c 100644
--- a/django/contrib/admin/options.py
+++ b/django/contrib/admin/options.py
@@ -39,7 +39,6 @@ from django.forms.models import (
from django.forms.widgets import CheckboxSelectMultiple, SelectMultiple
from django.http import Http404, HttpResponseRedirect
from django.http.response import HttpResponseBase
-from django.shortcuts import get_object_or_404
from django.template.response import SimpleTemplateResponse, TemplateResponse
from django.utils import six
from django.utils.decorators import method_decorator
@@ -1750,7 +1749,12 @@ class ModelAdmin(BaseModelAdmin):
from django.contrib.admin.models import LogEntry
# First check if the user can see this history.
model = self.model
- obj = get_object_or_404(self.get_queryset(request), pk=unquote(object_id))
+ obj = self.get_object(request, unquote(object_id))
+ if obj is None:
+ raise Http404(_('%(name)s object with primary key %(key)r does not exist.') % {
+ 'name': force_text(model._meta.verbose_name),
+ 'key': escape(object_id),
+ })
if not self.has_change_permission(request, obj):
raise PermissionDenied
diff --git a/tests/admin_views/tests.py b/tests/admin_views/tests.py
index 508a6c7c59..2e016515cf 100644
--- a/tests/admin_views/tests.py
+++ b/tests/admin_views/tests.py
@@ -1471,6 +1471,11 @@ class AdminViewPermissionsTest(TestCase):
self.client.get(reverse('admin:logout'))
+ def test_history_view_bad_url(self):
+ self.client.post(reverse('admin:login'), self.changeuser_login)
+ response = self.client.get(reverse('admin:admin_views_article_history', args=('foo',)))
+ self.assertEqual(response.status_code, 404)
+
def test_conditionally_show_add_section_link(self):
"""
The foreign key widget should only show the "add related" button if the