Skip to content
This repository

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse code

Backport [7521] to 0.91-bugfixes per security policy; announcement an…

…d security bugfix release will be forthcoming.

git-svn-id: http://code.djangoproject.com/svn/django/branches/0.91-bugfixes@7529 bcc190cf-cafb-0310-a4f2-bffc1f526a37
  • Loading branch information...
commit 6e657e2c404a96e744748209e896d8a69c15fdf2 1 parent 2c03839
James Bennett authored May 14, 2008
3  django/contrib/admin/views/decorators.py
@@ -2,6 +2,7 @@
2 2
 from django.conf.settings import SECRET_KEY
3 3
 from django.models.auth import users
4 4
 from django.utils import httpwrappers
  5
+from django.utils.html import escape
5 6
 from django.utils.translation import gettext_lazy
6 7
 import base64, datetime, md5
7 8
 import cPickle as pickle
@@ -21,7 +22,7 @@ def _display_login_form(request, error_message=''):
21 22
         post_data = _encode_post_data({})
22 23
     return render_to_response('admin/login', {
23 24
         'title': _('Log in'),
24  
-        'app_path': request.path,
  25
+        'app_path': escape(request.path),
25 26
         'post_data': post_data,
26 27
         'error_message': error_message
27 28
     }, context_instance=DjangoContext(request))

0 notes on commit 6e657e2

Please sign in to comment.
Something went wrong with that request. Please try again.