Skip to content
This repository

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse code

Prevented flatpage view from directly accessing settings.SITE_ID

Refs #15089
  • Loading branch information...
commit 1ce4aedcefb68086918adc4137d75a6f2c0bd1f2 1 parent e772368
Claude Paroz authored October 01, 2012

Showing 1 changed file with 8 additions and 6 deletions. Show diff stats Hide diff stats

  1. 14  django/contrib/flatpages/views.py
14  django/contrib/flatpages/views.py
... ...
@@ -1,9 +1,10 @@
1  
-from django.contrib.flatpages.models import FlatPage
2  
-from django.template import loader, RequestContext
3  
-from django.shortcuts import get_object_or_404
4  
-from django.http import Http404, HttpResponse, HttpResponsePermanentRedirect
5 1
 from django.conf import settings
  2
+from django.contrib.flatpages.models import FlatPage
  3
+from django.contrib.sites.models import get_current_site
6 4
 from django.core.xheaders import populate_xheaders
  5
+from django.http import Http404, HttpResponse, HttpResponsePermanentRedirect
  6
+from django.shortcuts import get_object_or_404
  7
+from django.template import loader, RequestContext
7 8
 from django.utils.safestring import mark_safe
8 9
 from django.views.decorators.csrf import csrf_protect
9 10
 
@@ -30,14 +31,15 @@ def flatpage(request, url):
30 31
     """
31 32
     if not url.startswith('/'):
32 33
         url = '/' + url
  34
+    site_id = get_current_site(request).id
33 35
     try:
34 36
         f = get_object_or_404(FlatPage,
35  
-            url__exact=url, sites__id__exact=settings.SITE_ID)
  37
+            url__exact=url, sites__id__exact=site_id)
36 38
     except Http404:
37 39
         if not url.endswith('/') and settings.APPEND_SLASH:
38 40
             url += '/'
39 41
             f = get_object_or_404(FlatPage,
40  
-                url__exact=url, sites__id__exact=settings.SITE_ID)
  42
+                url__exact=url, sites__id__exact=site_id)
41 43
             return HttpResponsePermanentRedirect('%s/' % request.path)
42 44
         else:
43 45
             raise

0 notes on commit 1ce4aed

Please sign in to comment.
Something went wrong with that request. Please try again.