#12866: Unsecured fields in ModelAdmin
---------------------------------------------+------------------------------
Reporter: skrat | Owner: nobody
Status: closed | Milestone: 1.2
Component: django.contrib.admin | Version: 1.1
Resolution: worksforme | Keywords: security
Stage: Design decision needed | Has_patch: 0
Needs_docs: 0 | Needs_tests: 0
Needs_better_patch: 0 |
---------------------------------------------+------------------------------
Changes (by russellm):
* status: reopened => closed
* resolution: => worksforme
Comment:
The form that saves an object (which is developed from the ModelAdmin
definition) determines the fields that will be updated, not the keys
provided in a POST.
Marking worksforme because I don't see how you could generate the problem
you describe, and without a test case, there isn't enough information to
validate a specific failure. Feel free to reopen if you can provide a
specific case that fails in the way you describe. Preferably, this should
be in the form of a test case against Django's own test suite, but a
specific set of instructions for how to build (and break) a test
application will also suffice.
--
Ticket URL: <http://code.djangoproject.com/ticket/12866#comment:3>
Django <http://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/django-updates?hl=en.
