| author | James Bennett <ubernostrum@gmail.com> | 2008-05-14 04:07:15 +0000 |
|---|---|---|
| committer | James Bennett <ubernostrum@gmail.com> | 2008-05-14 04:07:15 +0000 |
| commit | 50ce7fb57d79e8940ccf6e2781f2f01df029b5c5 (patch) | |
| tree | 1fa0bcf83e48cd8e5b66146da1820350d82126d2 | |
| parent | 412ed22502e11c50dbfee854627594f0e7e2c234 (diff) | |
Backport [7521] to 0.95-bugfixes per security policy; announcement and security bugfix release will be forthcoming.
git-svn-id: http://code.djangoproject.com/svn/django/branches/0.95-bugfixes@7528 bcc190cf-cafb-0310-a4f2-bffc1f526a37
| -rw-r--r-- | django/contrib/admin/views/decorators.py | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/django/contrib/admin/views/decorators.py b/django/contrib/admin/views/decorators.py
index fce50909f0..e6bca2fc88 100644
--- a/django/contrib/admin/views/decorators.py
+++ b/django/contrib/admin/views/decorators.py
@@ -3,6 +3,7 @@ from django.conf import settings
 from django.contrib.auth.models import User
 from django.contrib.auth import authenticate, login
 from django.shortcuts import render_to_response
+from django.utils.html import escape
 from django.utils.translation import gettext_lazy
 import base64, datetime, md5
 import cPickle as pickle
@@ -22,7 +23,7 @@ def _display_login_form(request, error_message=''):
 post_data = _encode_post_data({})
 return render_to_response('admin/login.html', {
 'title': _('Log in'),
- 'app_path': request.path,
+ 'app_path': escape(request.path),
 'post_data': post_data,
 'error_message': error_message
 }, context_instance=template.RequestContext(request)) |
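Review bot: Only `app_path` is escaped in `_display_login_form`; `error_message`, two lines further down in the same context dict, still reaches `admin/login.html` exactly as passed in, and its callers lie outside this hunk, so it is worth confirming that none of them interpolates request- or account-derived text into the message. Escaping in the view also makes `app_path` pre-escaped HTML, which is correct only while the template uses it in HTML text or attribute context. A comment on the changed line would record both facts, for example `# request.path is client-controlled and the template prints it verbatim; keep this value HTML-only`. The template is not shown here, so the "verbatim" part is inferred from the need for this fix.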
