Skip to content
Browse files

Prevented admin from importing auth.User.

Since we don't enforce order between apps, root packages of contrib apps
cannot import models from unrelated apps.

Fix #22005, refs #21719.
  • Loading branch information...
1 parent 8b67fa7 commit 7339f43c718008394cf5c5119994f956e27bce70 @aaugustin aaugustin committed
Showing with 3 additions and 1 deletion.
  1. +3 −1 django/contrib/admin/
4 django/contrib/admin/
@@ -2,7 +2,6 @@
from django.http import Http404, HttpResponseRedirect
from django.contrib.admin import ModelAdmin, actions
from django.contrib.auth import REDIRECT_FIELD_NAME
-from django.contrib.auth.views import redirect_to_login
from django.views.decorators.csrf import csrf_protect
from django.db.models.base import ModelBase
from django.apps import apps
@@ -195,6 +194,9 @@ def inner(request, *args, **kwargs):
if request.path == reverse('admin:logout',
index_path = reverse('admin:index',
return HttpResponseRedirect(index_path)
+ # Inner import to prevent django.contrib.admin (app) from
+ # importing django.contrib.auth.models.User (unrelated model).
+ from django.contrib.auth.views import redirect_to_login
return redirect_to_login(

0 comments on commit 7339f43

Please sign in to comment.
Something went wrong with that request. Please try again.