Skip to content


Fixed #18161 changing the determination of redirect url in admin login #135

wants to merge 1 commit into from

3 participants

pvl commented

Changed the logic for determination of the redirect URL in admin login to match the logic in the login view, as proposed by andrewgodwin in the ticket #18161


I did a patch of Django 1.4.2 and the issue seems to be solved.

Django member

Ticket has been closed as invalid.

@timgraham timgraham closed this
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
This page is out of date. Refresh to see the latest.
Showing with 10 additions and 1 deletion.
  1. +10 −1 django/contrib/admin/
11 django/contrib/admin/
@@ -1,3 +1,4 @@
+import urlparse
from functools import update_wrapper
from django.http import Http404, HttpResponseRedirect
from django.contrib.admin import ModelAdmin, actions
@@ -311,10 +312,18 @@ def login(self, request, extra_context=None):
Displays the login form for the given HttpRequest.
from django.contrib.auth.views import login
+ redirect_to = request.REQUEST.get(REDIRECT_FIELD_NAME, '')
+ if redirect_to:
+ # security check -- don't allow redirection to a different host
+ netloc = urlparse.urlparse(redirect_to)[1]
+ if netloc and netloc != request.get_host():
+ redirect_to = ''
+ if not redirect_to:
+ redirect_to = request.get_full_path()
context = {
'title': _('Log in'),
'app_path': request.get_full_path(),
- REDIRECT_FIELD_NAME: request.get_full_path(),
+ REDIRECT_FIELD_NAME: redirect_to,
context.update(extra_context or {})
defaults = {
Something went wrong with that request. Please try again.