Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

Prevented admin from importing auth.User.

Since we don't enforce order between apps, root packages of contrib apps
cannot import models from unrelated apps.

Fix #22005, refs #21719.
  • Loading branch information...
commit 7339f43c718008394cf5c5119994f956e27bce70 1 parent 8b67fa7
@aaugustin aaugustin authored
Showing with 3 additions and 1 deletion.
  1. +3 −1 django/contrib/admin/sites.py
View
4 django/contrib/admin/sites.py
@@ -2,7 +2,6 @@
from django.http import Http404, HttpResponseRedirect
from django.contrib.admin import ModelAdmin, actions
from django.contrib.auth import REDIRECT_FIELD_NAME
-from django.contrib.auth.views import redirect_to_login
from django.views.decorators.csrf import csrf_protect
from django.db.models.base import ModelBase
from django.apps import apps
@@ -195,6 +194,9 @@ def inner(request, *args, **kwargs):
if request.path == reverse('admin:logout', current_app=self.name):
index_path = reverse('admin:index', current_app=self.name)
return HttpResponseRedirect(index_path)
+ # Inner import to prevent django.contrib.admin (app) from
+ # importing django.contrib.auth.models.User (unrelated model).
+ from django.contrib.auth.views import redirect_to_login
return redirect_to_login(
request.get_full_path(),
reverse('admin:login', current_app=self.name)
Please sign in to comment.
Something went wrong with that request. Please try again.