summaryrefslogtreecommitdiff
path: root/docs/ref/forms
diff options
context:
space:
mode:
authorJacob Kaplan-Moss <jacob@jacobian.org>2011-02-24 13:34:51 +0000
committerJacob Kaplan-Moss <jacob@jacobian.org>2011-02-24 13:34:51 +0000
commit174d8db57caf56e845aee54c02b57c14b777f892 (patch)
treedaad315dcac3d07d3ad702d579255e46b3c3c2af /docs/ref/forms
parent4b13e76debbb64818559b504a2dd043af5fcad33 (diff)
Prevented non-admin users from accessing the admin redirect shortcut.
If the admin shortcut view (e.g. /admin/r/<content-type>/<pk>/) is publically-accessible, and if a public users can guess a content-type ID (which isn't hard given that they're sequential), then the redirect view could possibly leak data by redirecting to pages a user shouldn't "know about." So the redirect view needs the same protection as the rest of the admin site. Thanks to Jason Royes for pointing this out. git-svn-id: http://code.djangoproject.com/svn/django/trunk@15639 bcc190cf-cafb-0310-a4f2-bffc1f526a37
Diffstat (limited to 'docs/ref/forms')
0 files changed, 0 insertions, 0 deletions