diff options
| author | Alex Gaynor <alex.gaynor@gmail.com> | 2010-12-23 03:46:16 +0000 |
|---|---|---|
| committer | Alex Gaynor <alex.gaynor@gmail.com> | 2010-12-23 03:46:16 +0000 |
| commit | 85207a245bf09fdebe486b4c7bbcb65300f2a693 (patch) | |
| tree | 8ccd8ac3b28955b85729319e9202c0d53eb76cf8 /tests/regressiontests/admin_views/tests.py | |
| parent | 47fe010a8e28b08e0273c7b90c29a40e7baf5ed0 (diff) | |
Fix a security issue in the admin. Disclosure and new release forthcoming.
git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.2.X@15033 bcc190cf-cafb-0310-a4f2-bffc1f526a37
Diffstat (limited to 'tests/regressiontests/admin_views/tests.py')
| -rw-r--r-- | tests/regressiontests/admin_views/tests.py | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/tests/regressiontests/admin_views/tests.py b/tests/regressiontests/admin_views/tests.py index 2df6471bff..d3467ddfb2 100644 --- a/tests/regressiontests/admin_views/tests.py +++ b/tests/regressiontests/admin_views/tests.py @@ -4,6 +4,7 @@ import re import datetime from django.conf import settings +from django.core.exceptions import SuspiciousOperation from django.core.files import temp as tempfile # Register auth models with the admin. from django.contrib.auth import REDIRECT_FIELD_NAME, admin @@ -300,6 +301,10 @@ class AdminViewBasicTest(TestCase): self.assertContains(response, 'Choisir une heure') deactivate() + def test_disallowed_filtering(self): + self.assertRaises(SuspiciousOperation, + self.client.get, "/test_admin/admin/admin_views/album/?owner__email__startswith=fuzzy" + ) class SaveAsTests(TestCase): fixtures = ['admin-views-users.xml','admin-views-person.xml'] |
