Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Prevented admin from importing auth.User.

Since we don't enforce order between apps, root packages of contrib apps
cannot import models from unrelated apps.

Fix #22005, refs #21719.
  • Loading branch information...
commit 7339f43c718008394cf5c5119994f956e27bce70 1 parent 8b67fa7
@aaugustin aaugustin authored
Showing with 3 additions and 1 deletion.
  1. +3 −1 django/contrib/admin/sites.py
View
4 django/contrib/admin/sites.py
@@ -2,7 +2,6 @@
from django.http import Http404, HttpResponseRedirect
from django.contrib.admin import ModelAdmin, actions
from django.contrib.auth import REDIRECT_FIELD_NAME
-from django.contrib.auth.views import redirect_to_login
from django.views.decorators.csrf import csrf_protect
from django.db.models.base import ModelBase
from django.apps import apps
@@ -195,6 +194,9 @@ def inner(request, *args, **kwargs):
if request.path == reverse('admin:logout', current_app=self.name):
index_path = reverse('admin:index', current_app=self.name)
return HttpResponseRedirect(index_path)
+ # Inner import to prevent django.contrib.admin (app) from
+ # importing django.contrib.auth.models.User (unrelated model).
+ from django.contrib.auth.views import redirect_to_login
return redirect_to_login(
request.get_full_path(),
reverse('admin:login', current_app=self.name)
Please sign in to comment.
Something went wrong with that request. Please try again.