From 092cd66cf3c3e175acce698d6ca2012068d878fa Mon Sep 17 00:00:00 2001 From: Carlton Gibson Date: Mon, 25 Nov 2019 15:23:52 +0100 Subject: Fixed CVE-2019-19118 -- Required edit permissions on parent model for editable inlines in admin. Thank you to Shen Ying for reporting this issue. --- tests/auth_tests/test_views.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'tests/auth_tests') diff --git a/tests/auth_tests/test_views.py b/tests/auth_tests/test_views.py index 42acafd26d..ac39a79689 100644 --- a/tests/auth_tests/test_views.py +++ b/tests/auth_tests/test_views.py @@ -1262,7 +1262,7 @@ class ChangelistTests(AuthViewsTestCase): data['password'] = 'shouldnotchange' change_url = reverse('auth_test_admin:auth_user_change', args=(u.pk,)) response = self.client.post(change_url, data) - self.assertRedirects(response, reverse('auth_test_admin:auth_user_changelist')) + self.assertEqual(response.status_code, 403) u.refresh_from_db() self.assertEqual(u.password, original_password) -- cgit v1.3