summaryrefslogtreecommitdiff
path: root/django/contrib/auth/admin.py
diff options
context:
space:
mode:
Diffstat (limited to 'django/contrib/auth/admin.py')
-rw-r--r--django/contrib/auth/admin.py6
1 files changed, 2 insertions, 4 deletions
diff --git a/django/contrib/auth/admin.py b/django/contrib/auth/admin.py
index 3bfbef7c68..0d3267b71b 100644
--- a/django/contrib/auth/admin.py
+++ b/django/contrib/auth/admin.py
@@ -88,10 +88,8 @@ class UserAdmin(admin.ModelAdmin):
] + super().get_urls()
def lookup_allowed(self, lookup, value):
- # See #20078: we don't want to allow any lookups involving passwords.
- if lookup.startswith('password'):
- return False
- return super().lookup_allowed(lookup, value)
+ # Don't allow lookups involving passwords.
+ return not lookup.startswith('password') and super().lookup_allowed(lookup, value)
@sensitive_post_parameters_m
@csrf_protect_m
generated by cgit v1.3 (git 2.53.0) at 2026-05-02 04:17:50 +0000