Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Prevented flatpage view from directly accessing settings.SITE_ID

Refs #15089
  • Loading branch information...
commit 1ce4aedcefb68086918adc4137d75a6f2c0bd1f2 1 parent e772368
@claudep claudep authored
Showing with 8 additions and 6 deletions.
  1. +8 −6 django/contrib/flatpages/views.py
View
14 django/contrib/flatpages/views.py
@@ -1,9 +1,10 @@
-from django.contrib.flatpages.models import FlatPage
-from django.template import loader, RequestContext
-from django.shortcuts import get_object_or_404
-from django.http import Http404, HttpResponse, HttpResponsePermanentRedirect
from django.conf import settings
+from django.contrib.flatpages.models import FlatPage
+from django.contrib.sites.models import get_current_site
from django.core.xheaders import populate_xheaders
+from django.http import Http404, HttpResponse, HttpResponsePermanentRedirect
+from django.shortcuts import get_object_or_404
+from django.template import loader, RequestContext
from django.utils.safestring import mark_safe
from django.views.decorators.csrf import csrf_protect
@@ -30,14 +31,15 @@ def flatpage(request, url):
"""
if not url.startswith('/'):
url = '/' + url
+ site_id = get_current_site(request).id
try:
f = get_object_or_404(FlatPage,
- url__exact=url, sites__id__exact=settings.SITE_ID)
+ url__exact=url, sites__id__exact=site_id)
except Http404:
if not url.endswith('/') and settings.APPEND_SLASH:
url += '/'
f = get_object_or_404(FlatPage,
- url__exact=url, sites__id__exact=settings.SITE_ID)
+ url__exact=url, sites__id__exact=site_id)
return HttpResponsePermanentRedirect('%s/' % request.path)
else:
raise
Please sign in to comment.
Something went wrong with that request. Please try again.