From 09595b4fc67ac4c94ed4e0d4c69acc1e4a748c81 Mon Sep 17 00:00:00 2001
From: Markus Holtermann
Date: Tue, 31 Mar 2015 15:47:06 +0200
Subject: Fixed #24625 -- Prevented arbitrary file inclusion in admindocs

Thanks Tim Graham for the review.
---
 tests/admin_docs/models.py | 6 ++++++
 1 file changed, 6 insertions(+)
(limited to 'tests/admin_docs/models.py')

diff --git a/tests/admin_docs/models.py b/tests/admin_docs/models.py
index 7e8b6c37e8..89a9e8c98e 100644
--- a/tests/admin_docs/models.py
+++ b/tests/admin_docs/models.py
@@ -29,6 +29,12 @@ class Person(models.Model):
 Field storing :model:`myapp.Company` where the person works.
 
 (DESCRIPTION)
+
+ .. raw:: html
+ :file: admin_docs/evilfile.txt
+
+ .. include:: admin_docs/evilfile.txt
+
 """
 first_name = models.CharField(max_length=200, help_text="The person's first name")
 last_name = models.CharField(max_length=200, help_text="The person's last name")
-- 
cgit v1.3
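Review bot: The two directives added to the `Person` docstring (`.. raw:: html` with `:file:` and `.. include::`) reference the relative path `admin_docs/evilfile.txt`, so a test built on this fixture can pass vacuously if that path does not resolve from the test runner's working directory. The assertion itself is outside this path-limited view; it should check that the rendered page reports both directives as rejected, not merely that the file's contents are absent from the output. Nothing in the file says why the directives are there, and a comment inside the docstring would change the rendered text under test, so I would put one above the fields: `# Docstring ends with raw/include directives on purpose: regression fixture for #24625 (admindocs must not read files).` The class starts above the hunk and continues below it.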