Fixed #18161 changing the determination of redirect url in admin login #135

Closed

Pedro Lima
pvl commented

Changed the logic for determining the redirect URL in the admin login to match the logic in the login view, as proposed by andrewgodwin in ticket #18161.

wodo

I did a patch of Django 1.4.2 and the issue seems to be solved.

Tim Graham
Owner

Ticket has been closed as invalid.

Tim Graham timgraham closed this
Showing with 10 additions and 1 deletion.
  1. +10 −1 django/contrib/admin/sites.py
11 django/contrib/admin/sites.py
@@ -1,3 +1,4 @@
+import urlparse
from functools import update_wrapper
from django.http import Http404, HttpResponseRedirect
from django.contrib.admin import ModelAdmin, actions
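Review bot: `import urlparse` at the top of the module is the Python 2 module name; on Python 3 the same function lives in `urllib.parse`, so this import fails there. If this file has to load on both, guard the import or go through a compatibility shim instead of importing `urlparse` directly.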
@@ -311,10 +312,18 @@ def login(self, request, extra_context=None):
Displays the login form for the given HttpRequest.
"""
from django.contrib.auth.views import login
+ redirect_to = request.REQUEST.get(REDIRECT_FIELD_NAME, '')
+ if redirect_to:
+ # security check -- don't allow redirection to a different host
+ netloc = urlparse.urlparse(redirect_to)[1]
+ if netloc and netloc != request.get_host():
+ redirect_to = ''
+ if not redirect_to:
+ redirect_to = request.get_full_path()
context = {
'title': _('Log in'),
'app_path': request.get_full_path(),
- REDIRECT_FIELD_NAME: request.get_full_path(),
+ REDIRECT_FIELD_NAME: redirect_to,
}
context.update(extra_context or {})
defaults = {
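Review bot: The host check at `if netloc and netloc != request.get_host():` only rejects a value whose parsed netloc is non-empty and differs from the request host, so any value that parses with an empty netloc is accepted whatever its scheme or shape. Check the scheme as well, and treat anything that is not a plain same-host path as empty so it falls back to `request.get_full_path()`. The description says this mirrors the logic in the login view, which is imported a few lines above, so a single shared helper would be better than two copies that have to be kept in sync. `request.REQUEST` also reads the field from both GET and POST; a comment should say whether that is intended, and the change needs a test covering a same-host value, a foreign-host value and an empty value.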