Fixed #18161 - Redirection url determination in the admin login with same logic as in the login view

django/contrib/admin/sites.py

@@ -1,3 +1,4 @@
+import urlparse
 from functools import update_wrapper
 from django.http import Http404, HttpResponseRedirect
 from django.contrib.admin import ModelAdmin, actions
@@ -311,10 +312,19 @@ def login(self, request, extra_context=None):
         Displays the login form for the given HttpRequest.
         """
         from django.contrib.auth.views import login
+        redirect_to = request.REQUEST.get(REDIRECT_FIELD_NAME, '')
+        if redirect_to:
+            netloc = urlparse.urlparse(redirect_to)[1]
+            # Heavier security check -- don't allow redirection to a different
+            # host
+            if netloc and netloc != request.get_host():
+                redirect_to = ''
+        if not redirect_to:
+            redirect_to = request.get_full_path()
         context = {
             'title': _('Log in'),
             'app_path': request.get_full_path(),
-            REDIRECT_FIELD_NAME: request.get_full_path(),
+            REDIRECT_FIELD_NAME: redirect_to,
         }
         context.update(extra_context or {})
         defaults = {
@@ -323,6 +333,7 @@ def login(self, request, extra_context=None):
             'authentication_form': self.login_form or AdminAuthenticationForm,
             'template_name': self.login_template or 'admin/login.html',
         }
+        print defaults
         return login(request, **defaults)
 
     @never_cache