#23329: Regression in security patch for querystring manipulation in admin
---------------------------------+-------------------------------------
Reporter: Markush2010 | Owner: charettes
Type: Bug | Status: assigned
Component: contrib.admin | Version: 1.5
Severity: Release blocker | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 1
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
---------------------------------+-------------------------------------
Comment (by ross):
running in to some variant of this problem. i don't have a solution, but i
do have a simple work-around.
i just went to the admin for the target model and overrode
to_field_allowed to explicitly allow the problem field. in my case that
looks like the following:
{{{
def to_field_allowed(self, request, to_field):
return to_field == 'item_ptr' or \
super(BioAdmin, self).to_field_allowed(request, to_field)
}}}
where i have Bio which inherits from Item.
--
Ticket URL: <https://code.djangoproject.com/ticket/23329#comment:11>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-updates/069.adee65ee250a366e5b91cbfc0e591b4d%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.
