
Ticket #15619: ticket15619.diff

File ticket15619.diff, 3.7 KB (added by ashchristopher, 3 years ago)

New patch submitted, taking a somewhat saner approach.

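--- a/django/contrib/admin/sites.py
+++ b/django/contrib/admin/sites.py
@@ -297,9 +297,17 @@ class AdminSite(object):
             'current_app': self.name,
             'extra_context': extra_context or {},
         }
+
         if self.logout_template is not None:
             defaults['template_name'] = self.logout_template
-        return logout(request, **defaults)
+
+        if "POST" == request.method:
+            return logout(request, **defaults)
+        else:
+            context = {
+                'title' : _("Are you sure?")
+            }
+            return TemplateResponse(request, 'admin/logout_confirmation.html', context)
 
     @never_cache
     def login(self, request, extra_context=None):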
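Review bot: The confirmation branch added under `else:` builds a fresh `context` and calls `TemplateResponse` without `current_app`, so the `extra_context` argument and the `self.name` that the POST path still passes through `defaults` are dropped for non-POST requests. On an AdminSite registered under a non-default name this presumably makes URL reversing in the confirmation template resolve against the default instance; `context = dict(extra_context or {}, title=_("Are you sure?"))` followed by `return TemplateResponse(request, 'admin/logout_confirmation.html', context, current_app=self.name)` would keep the two paths consistent. The template path is also hard-coded, unlike `logout_template`, so a site cannot override the confirmation page the way it can the logged-out page. The method's signature and decorators sit above the hunk. The patch also flips this file, and the others it touches, from mode 100644 to 100755, which looks unintended.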
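--- a/django/contrib/admin/templates/admin/base.html
+++ b/django/contrib/admin/templates/admin/base.html
@@ -7,6 +7,21 @@
 <!--[if lte IE 7]><link rel="stylesheet" type="text/css" href="{% block stylesheet_ie %}{% static "admin/css/ie.css" %}{% endblock %}" /><![endif]-->
 {% if LANGUAGE_BIDI %}<link rel="stylesheet" type="text/css" href="{% block stylesheet_rtl %}{% static "admin/css/rtl.css" %}{% endblock %}" />{% endif %}
 <script type="text/javascript">window.__admin_media_prefix__ = "{% filter escapejs %}{% static "admin/" %}{% endfilter %}";</script>
+<script type="text/javascript" src="{% static "admin/js/jquery.min.js" %}"></script>
+<script type="text/javascript" src="{% static "admin/js/jquery.init.js" %}"></script>
+
+<script type="text/javascript">
+    (function($) {
+        $(document).ready(function() {
+            $('a[href="{% url 'admin:logout' %}"]').click(function(ev) {
+                ev.preventDefault();
+                $('#logout-form').submit();
+            });
+        });
+    })(django.jQuery);
+</script>
+
+
 {% block extrahead %}{% endblock %}
 {% block blockbots %}<meta name="robots" content="NONE,NOARCHIVE" />{% endblock %}
 </head>
@@ -69,6 +84,6 @@
     {% block footer %}<div id="footer"></div>{% endblock %}
 </div>
 <!-- END Container -->
-
+<form id="logout-form" action="{% url 'admin:logout' %}" method="post">{% csrf_token %}</form>
 </body>
 </html>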
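Review bot: Both added `{% url 'admin:logout' %}` tags, the selector in the new script block and the `action` of `#logout-form` in the second hunk, reverse the URL unconditionally in `base.html`, so any page extending this template fails with NoReverseMatch when the `admin` namespace is not in the URLconf (the registration templates touched later in this patch may be rendered that way; that cannot be confirmed from here). Resolving once with `{% url 'admin:logout' as logout_url %}` and wrapping the script and the form in `{% if logout_url %}` keeps those pages rendering. The URL is also interpolated into a JavaScript string without `escapejs`, unlike the `__admin_media_prefix__` line directly above it. The two jQuery script tags are now loaded from the base template on every admin page, so templates that already include them will presumably load them twice.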
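--- /dev/null
+++ b/django/contrib/admin/templates/admin/logout_confirmation.html
@@ -0,0 +1,21 @@
+{% extends "admin/base_site.html" %}
+{% load i18n %}
+
+{% block breadcrumbs %}
+    <div class="breadcrumbs">
+        <a href="../">{% trans "Home" %}</a> &rsaquo;
+    </div>
+{% endblock %}
+
+
+
+{% block content %}
+    <p>Are you sure you want to logout?</p>
+    <form action="" method="post">
+        {% csrf_token %}
+        <div>
+            <input type="hidden" name="post" value="yes" />
+            <input type="submit" value="{% trans "Yes, I'm sure" %}" />
+        </div>
+    </form>
+{% endblock %}
\ No newline at end of file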
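Review bot: The prompt `<p>Are you sure you want to logout?</p>` is a literal string although the template loads `i18n` and translates the button label; `<p>{% trans "Are you sure you want to logout?" %}</p>` would make it translatable. The hidden `post` input is not read anywhere in the `sites.py` change on this page, which only checks `request.method`, so it can be dropped unless something outside this patch uses it. The file is added with mode 100755 and without a trailing newline.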
90diff --git a/django/contrib/admin/templates/registration/password_change_done.html b/django/contrib/admin/templates/registration/password_change_done.html
91old mode 100644
92new mode 100755
93diff --git a/django/contrib/admin/templates/registration/password_change_form.html b/django/contrib/admin/templates/registration/password_change_form.html
94old mode 100644
95new mode 100755
96diff --git a/django/contrib/auth/views.py b/django/contrib/auth/views.py
97old mode 100644
98new mode 100755