[1.4.x] Prevented data leakage in contrib.admin via query string manipulation.

This is a security fix. Disclosure following shortly.
author: Simon Charette <charette.s@gmail.com> 2014-08-11 15:36:16 -0400
committer: Tim Graham <timograham@gmail.com> 2014-08-11 16:01:41 -0400
commit: 027bd348642007617518379f8b02546abacaa6e0 (patch)
tree: 573f0e4f79c862f6f4983a0d0caab5b54facdf5a /django/contrib/admin/exceptions.py
parent: c9e3b9949cd55f090591fbdc4a114fcb8368b6d9 (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/django/contrib/admin/exceptions.py b/django/contrib/admin/exceptions.py
new file mode 100644
index 0000000000..d9de47eefd
--- /dev/null
+++ b/django/contrib/admin/exceptions.py
@@ -0,0 +1,6 @@
+from django.core.exceptions import SuspiciousOperation
+
+
+class DisallowedModelAdminToField(SuspiciousOperation):
+    """Invalid to_field was passed to admin view via URL query string"""
+    pass
author	Simon Charette <charette.s@gmail.com>	2014-08-11 15:36:16 -0400
committer	Tim Graham <timograham@gmail.com>	2014-08-11 16:01:41 -0400
commit	027bd348642007617518379f8b02546abacaa6e0 (patch)
tree	573f0e4f79c862f6f4983a0d0caab5b54facdf5a /django/contrib/admin/exceptions.py
parent	c9e3b9949cd55f090591fbdc4a114fcb8368b6d9 (diff)