Skip to content


Subversion checkout URL

You can clone with
Download ZIP


Fixed #18161 - Redirection url determination in the admin login with same logic as in the login view #131

wants to merge 1 commit into from

1 participant

pvl commented

Fix for #18161 with the strategy proposed by andrewgodwin that uses in the admin login the same logic for determination of the redirection url as used in the login view

@pvl pvl closed this
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Commits on Jun 8, 2012
  1. @pvl

    fix for #18161 by using in the admin login the same logic for redirec…

    pvl committed
    …tion as used in the login view
This page is out of date. Refresh to see the latest.
Showing with 12 additions and 1 deletion.
  1. +12 −1 django/contrib/admin/
13 django/contrib/admin/
@@ -1,3 +1,4 @@
+import urlparse
from functools import update_wrapper
from django.http import Http404, HttpResponseRedirect
from django.contrib.admin import ModelAdmin, actions
@@ -311,10 +312,19 @@ def login(self, request, extra_context=None):
Displays the login form for the given HttpRequest.
from django.contrib.auth.views import login
+ redirect_to = request.REQUEST.get(REDIRECT_FIELD_NAME, '')
+ if redirect_to:
+ netloc = urlparse.urlparse(redirect_to)[1]
+ # Heavier security check -- don't allow redirection to a different
+ # host
+ if netloc and netloc != request.get_host():
+ redirect_to = ''
+ if not redirect_to:
+ redirect_to = request.get_full_path()
context = {
'title': _('Log in'),
'app_path': request.get_full_path(),
- REDIRECT_FIELD_NAME: request.get_full_path(),
+ REDIRECT_FIELD_NAME: redirect_to,
context.update(extra_context or {})
defaults = {
@@ -323,6 +333,7 @@ def login(self, request, extra_context=None):
'authentication_form': self.login_form or AdminAuthenticationForm,
'template_name': self.login_template or 'admin/login.html',
+ print defaults
return login(request, **defaults)
Something went wrong with that request. Please try again.