Please sign in to comment.
Prevented non-admin users from accessing the admin redirect shortcut.
If the admin shortcut view (e.g. /admin/r/<content-type>/<pk>/) is publically-accessible, and if a public users can guess a content-type ID (which isn't hard given that they're sequential), then the redirect view could possibly leak data by redirecting to pages a user shouldn't "know about." So the redirect view needs the same protection as the rest of the admin site. Thanks to Jason Royes for pointing this out. git-svn-id: http://code.djangoproject.com/svn/django/trunk@15639 bcc190cf-cafb-0310-a4f2-bffc1f526a37
- Loading branch information...
Showing with 23 additions and 2 deletions.