Ticket #11457: 11457-5.patch
| File 11457-5.patch, 3.9 KB (added by , 16 years ago) |
|---|
-
django/contrib/auth/views.py
15 15 from django.contrib.auth.models import User 16 16 from django.views.decorators.cache import never_cache 17 17 18 19 20 21 18 22 @csrf_protect 19 23 @never_cache 20 24 def login(request, template_name='registration/login.html', … … 26 30 form = authentication_form(data=request.POST) 27 31 if form.is_valid(): 28 32 # Light security check -- make sure redirect_to isn't garbage. 29 if not redirect_to or ' //' in redirect_to or '' in redirect_to:33 if not redirect_to or ' ' in redirect_to: 30 34 redirect_to = settings.LOGIN_REDIRECT_URL 35 36 37 38 39 40 41 31 42 from django.contrib.auth import login 32 43 login(request, form.get_user()) 33 44 if request.session.test_cookie_worked(): -
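Review bot: On new line 33 the `//` test is dropped from the "light security check", and the added lines that presumably replace it (new 35–41) have no visible content in this rendering, so it cannot be confirmed here that a `redirect_to` naming another host still falls back to `settings.LOGIN_REDIRECT_URL`. Whatever those lines contain, a substring or pattern test on `//` is a fragile basis for this decision; parsing the value and comparing hosts is more robust, e.g. `netloc = urlparse.urlparse(redirect_to)[1]` followed by `if netloc and netloc != request.get_host(): redirect_to = settings.LOGIN_REDIRECT_URL`. If the aim is to permit local paths that carry a URL in the query string, that check allows them while still refusing scheme-relative and absolute off-site targets. The body of `login` continues outside the hunk, so the final redirect call is not visible for review.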
django/contrib/auth/tests/views.py
1 1 import os 2 2 import re 3 3 4 4 5 from django.conf import settings 5 from django.contrib.auth import SESSION_KEY 6 from django.contrib.auth import SESSION_KEY 6 7 from django.contrib.auth.forms import AuthenticationForm 7 8 from django.contrib.sites.models import Site, RequestSite 8 9 from django.contrib.auth.models import User … … 183 184 self.assertEquals(response.context['site_name'], site.name) 184 185 self.assert_(isinstance(response.context['form'], AuthenticationForm), 185 186 'Login form is not an AuthenticationForm') 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 186 227 187 228 class LogoutTest(AuthViewsTestCase): 188 229 urls = 'django.contrib.auth.tests.urls'