From 092cd66cf3c3e175acce698d6ca2012068d878fa Mon Sep 17 00:00:00 2001 From: Carlton Gibson Date: Mon, 25 Nov 2019 15:23:52 +0100 Subject: Fixed CVE-2019-19118 -- Required edit permissions on parent model for editable inlines in admin. Thank you to Shen Ying for reporting this issue. --- tests/admin_views/admin.py | 9 --------- 1 file changed, 9 deletions(-) (limited to 'tests/admin_views/admin.py') diff --git a/tests/admin_views/admin.py b/tests/admin_views/admin.py index 4f39381783..ca326aab75 100644 --- a/tests/admin_views/admin.py +++ b/tests/admin_views/admin.py @@ -1168,12 +1168,3 @@ class ArticleAdmin9(admin.ModelAdmin): site9 = admin.AdminSite(name='admin9') site9.register(Article, ArticleAdmin9) - - -class ArticleAdmin10(admin.ModelAdmin): - def has_change_permission(self, request, obj=None): - return False - - -site10 = admin.AdminSite(name='admin10') -site10.register(Article, ArticleAdmin10) -- cgit v1.3