Fixed #24625 -- Prevented arbitrary file inclusion in admindocs

Thanks Tim Graham for the review.
author: Markus Holtermann <info@markusholtermann.eu> 2015-03-31 15:47:06 +0200
committer: Markus Holtermann <info@markusholtermann.eu> 2015-04-11 20:36:10 +0200
commit: 09595b4fc67ac4c94ed4e0d4c69acc1e4a748c81 (patch)
tree: 1070880104158663ba7b0bdbb90349283efda46a /tests/admin_docs/models.py
parent: 4e7ed8d0d3e29e21d46abe06ac244da3754c82cc (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/tests/admin_docs/models.py b/tests/admin_docs/models.py
index 7e8b6c37e8..89a9e8c98e 100644
--- a/tests/admin_docs/models.py
+++ b/tests/admin_docs/models.py
@@ -29,6 +29,12 @@ class Person(models.Model):
         Field storing :model:`myapp.Company` where the person works.
 
     (DESCRIPTION)
+
+    .. raw:: html
+        :file: admin_docs/evilfile.txt
+
+    .. include:: admin_docs/evilfile.txt
+
     """
     first_name = models.CharField(max_length=200, help_text="The person's first name")
     last_name = models.CharField(max_length=200, help_text="The person's last name")
author	Markus Holtermann <info@markusholtermann.eu>	2015-03-31 15:47:06 +0200
committer	Markus Holtermann <info@markusholtermann.eu>	2015-04-11 20:36:10 +0200
commit	09595b4fc67ac4c94ed4e0d4c69acc1e4a748c81 (patch)
tree	1070880104158663ba7b0bdbb90349283efda46a /tests/admin_docs/models.py
parent	4e7ed8d0d3e29e21d46abe06ac244da3754c82cc (diff)