Fixed #18161 changing the determination of redirect url in admin login #135

Closed
wants to merge 1 commit into from

3 participants

Pedro Lima Tim Graham wodo
Pedro Lima
pvl commented June 08, 2012

Changed the logic for determination of the redirect URL in admin login to match the logic in the login view, as proposed by andrewgodwin in the ticket #18161.

wodo

I did a patch of Django 1.4.2 and the issue seems to be solved.

Tim Graham
Owner

Ticket has been closed as invalid.

Tim Graham timgraham closed this May 31, 2013

Showing 1 unique commit by 1 author.

Jun 08, 2012
Pedro Lima Fixed #18161 changing the determination of redirect url in admin login a2b12a5

Showing 1 changed file with 10 additions and 1 deletion.

11  django/contrib/admin/sites.py
... ...
@@ -1,3 +1,4 @@
  1
+import urlparse
1 2
 from functools import update_wrapper
2 3
 from django.http import Http404, HttpResponseRedirect
3 4
 from django.contrib.admin import ModelAdmin, actions
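
Review bot: `import urlparse` on the new first line is the Python 2 module name and raises ImportError on Python 3, where the same function is `urllib.parse.urlparse`. If this file has to import on both, use a guarded import (try `from urllib.parse import urlparse`, fall back to `from urlparse import urlparse`) or the project's compatibility import if it has one. Only `urlparse.urlparse` is called in the second hunk, so importing the function by name is enough.
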
@@ -311,10 +312,18 @@ def login(self, request, extra_context=None):
311 312
         Displays the login form for the given HttpRequest.
312 313
         """
313 314
         from django.contrib.auth.views import login
  315
+        redirect_to = request.REQUEST.get(REDIRECT_FIELD_NAME, '')
  316
+        if redirect_to:
  317
+            # security check -- don't allow redirection to a different host
  318
+            netloc = urlparse.urlparse(redirect_to)[1]
  319
+            if netloc and netloc != request.get_host():
  320
+                redirect_to = ''
  321
+        if not redirect_to:
  322
+            redirect_to = request.get_full_path()
314 323
         context = {
315 324
             'title': _('Log in'),
316 325
             'app_path': request.get_full_path(),
317  
-            REDIRECT_FIELD_NAME: request.get_full_path(),
  326
+            REDIRECT_FIELD_NAME: redirect_to,
318 327
         }
319 328
         context.update(extra_context or {})
320 329
         defaults = {
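
Review bot: The host check at `if netloc and netloc != request.get_host():` only rejects values for which `urlparse` returns a non-empty netloc, so any `redirect_to` that parses with an empty netloc is accepted whatever its scheme and is then placed in the context as `REDIRECT_FIELD_NAME`. Suggest also requiring the parsed scheme to be empty or http/https, and rejecting the value whenever the parser's idea of the host could differ from a browser's. The value is read from `request.REQUEST`, which merges GET and POST; reading it from one explicit source would make the behaviour easier to reason about. Since the description says this mirrors the check in the login view, a shared helper would keep the two copies from drifting. The change touches only `django/contrib/admin/sites.py` and has no test: add cases for a same-host URL, a different-host URL and an empty value.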