Backport [7521] to 0.91-bugfixes per security policy; announcement an…

…d security bugfix release will be forthcoming.

git-svn-id: http://code.djangoproject.com/svn/django/branches/0.91-bugfixes@7529 bcc190cf-cafb-0310-a4f2-bffc1f526a37
commit 6e657e2c404a96e744748209e896d8a69c15fdf2 1 parent 2c03839
@ubernostrum ubernostrum authored
Showing with 2 additions and 1 deletion.
  1. +2 −1  django/contrib/admin/views/decorators.py
3  django/contrib/admin/views/decorators.py
@@ -2,6 +2,7 @@
from django.conf.settings import SECRET_KEY
from django.models.auth import users
from django.utils import httpwrappers
+from django.utils.html import escape
from django.utils.translation import gettext_lazy
import base64, datetime, md5
import cPickle as pickle
@@ -21,7 +22,7 @@ def _display_login_form(request, error_message=''):
post_data = _encode_post_data({})
return render_to_response('admin/login', {
'title': _('Log in'),
- 'app_path': request.path,
+ 'app_path': escape(request.path),
'post_data': post_data,
'error_message': error_message
}, context_instance=DjangoContext(request))
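Review bot: escaping at the `'app_path': escape(request.path)` entry fixes only this one context value in `_display_login_form`, and nothing in the hunk tells the next reader that `app_path` now reaches the `admin/login` template already escaped. A short comment on that line saying the request path is client-controlled and is escaped here would keep a later edit from dropping the call, or from escaping again in the template and double-encoding the value. The commit touches only decorators.py (2 additions, 1 deletion), so no regression test comes with the fix; a test that requests the login form with HTML metacharacters in the path and checks the rendered output would be worth adding, along with a check of any other view that passes `request.path` into a template context.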