Please sign in to comment.
[1.2.X] Prevented non-admin users from accessing the admin redirect s…
…hortcut. If the admin shortcut view (e.g. /admin/r/<content-type>/<pk>/) is publically-accessible, and if a public users can guess a content-type ID (which isn't hard given that they're sequential), then the redirect view could possibly leak data by redirecting to pages a user shouldn't "know about." So the redirect view needs the same protection as the rest of the admin site. Thanks to Jason Royes for pointing this out. Backport of  from trunk. git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.2.X@15640 bcc190cf-cafb-0310-a4f2-bffc1f526a37
- Loading branch information...
Showing with 23 additions and 2 deletions.