[4.2.x] Fixed CVE-2024-41991 -- Prevented potential ReDoS in django.utils.html.urlize() and AdminURLFieldWidget.

Thanks Seokchan Yoon for the report. Co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>
author: Mariusz Felisiak <felisiak.mariusz@gmail.com> 2024-07-10 20:30:12 +0200
committer: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com> 2024-07-31 16:12:23 +0200
commit: efea1ef7e2190e3f77ca0651b5458297bc0f6a9f (patch)
tree: 69b0236736ffabd9de6d5963ab8e33fcc01eca9b /django/contrib/admin/widgets.py
parent: d0a82e26a74940bf0c78204933c3bdd6a283eb88 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/django/contrib/admin/widgets.py b/django/contrib/admin/widgets.py
index 5e3416bc28..3d11a40efe 100644
--- a/django/contrib/admin/widgets.py
+++ b/django/contrib/admin/widgets.py
@@ -383,7 +383,7 @@ class AdminURLFieldWidget(forms.URLInput):
         context["current_label"] = _("Currently:")
         context["change_label"] = _("Change:")
         context["widget"]["href"] = (
-            smart_urlquote(context["widget"]["value"]) if value else ""
+            smart_urlquote(context["widget"]["value"]) if url_valid else ""
         )
         context["url_valid"] = url_valid
         return context
author	Mariusz Felisiak <felisiak.mariusz@gmail.com>	2024-07-10 20:30:12 +0200
committer	Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>	2024-07-31 16:12:23 +0200
commit	efea1ef7e2190e3f77ca0651b5458297bc0f6a9f (patch)
tree	69b0236736ffabd9de6d5963ab8e33fcc01eca9b /django/contrib/admin/widgets.py
parent	d0a82e26a74940bf0c78204933c3bdd6a283eb88 (diff)