summaryrefslogtreecommitdiff
path: root/tests/regressiontests/admin_views/tests.py
diff options
context:
space:
mode:
authorAlex Gaynor <alex.gaynor@gmail.com>2010-12-23 03:46:16 +0000
committerAlex Gaynor <alex.gaynor@gmail.com>2010-12-23 03:46:16 +0000
commit85207a245bf09fdebe486b4c7bbcb65300f2a693 (patch)
tree8ccd8ac3b28955b85729319e9202c0d53eb76cf8 /tests/regressiontests/admin_views/tests.py
parent47fe010a8e28b08e0273c7b90c29a40e7baf5ed0 (diff)
Fix a security issue in the admin. Disclosure and new release forthcoming.
git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.2.X@15033 bcc190cf-cafb-0310-a4f2-bffc1f526a37
Diffstat (limited to 'tests/regressiontests/admin_views/tests.py')
-rw-r--r--tests/regressiontests/admin_views/tests.py5
1 files changed, 5 insertions, 0 deletions
diff --git a/tests/regressiontests/admin_views/tests.py b/tests/regressiontests/admin_views/tests.py
index 2df6471bff..d3467ddfb2 100644
--- a/tests/regressiontests/admin_views/tests.py
+++ b/tests/regressiontests/admin_views/tests.py
@@ -4,6 +4,7 @@ import re
import datetime
from django.conf import settings
+from django.core.exceptions import SuspiciousOperation
from django.core.files import temp as tempfile
# Register auth models with the admin.
from django.contrib.auth import REDIRECT_FIELD_NAME, admin
@@ -300,6 +301,10 @@ class AdminViewBasicTest(TestCase):
self.assertContains(response, 'Choisir une heure')
deactivate()
+ def test_disallowed_filtering(self):
+ self.assertRaises(SuspiciousOperation,
+ self.client.get, "/test_admin/admin/admin_views/album/?owner__email__startswith=fuzzy"
+ )
class SaveAsTests(TestCase):
fixtures = ['admin-views-users.xml','admin-views-person.xml']