Ticket #15619: ticket15619.diff

File ticket15619.diff, 3.7 KB (added by ashchristopher, 4 years ago)

New patch submitted with a bit more sane method of attack.

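diff --git a/django/contrib/admin/sites.py b/django/contrib/admin/sites.py
old mode 100644
new mode 100755
index 49c1e78..3aa0d50
--- a/django/contrib/admin/sites.py
+++ b/django/contrib/admin/sites.py
@@ -297,9 +297,17 @@ class AdminSite(object):
             'current_app': self.name,
             'extra_context': extra_context or {},
         }
+
         if self.logout_template is not None:
             defaults['template_name'] = self.logout_template
-        return logout(request, **defaults)
+
+        if "POST" == request.method:
+            return logout(request, **defaults)
+        else:
+            context = {
+                'title' : _("Are you sure?")
+            }
+            return TemplateResponse(request, 'admin/logout_confirmation.html', context)
 
     @never_cache
     def login(self, request, extra_context=None):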
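Review bot: The confirmation branch (new lines 306-310) builds a fresh `context` and drops both `extra_context` and `current_app`, which the method already collected in `defaults`, so a custom-named `AdminSite` renders the page without its namespace and without caller-supplied context. Assuming this Django version's `TemplateResponse` accepts `current_app`, I would write `context = dict(extra_context or {}, title=_("Are you sure?"))` and `return TemplateResponse(request, 'admin/logout_confirmation.html', context, current_app=self.name)`. Restricting the state change to POST only prevents cross-site logout if CSRF validation actually runs on this view; that wrapping is outside the hunk, so a test asserting that a token-less POST is rejected and that a GET leaves the session intact would pin it down. The method's signature is above the hunk, and the 100644 → 100755 mode change on this file looks unintended.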
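diff --git a/django/contrib/admin/templates/admin/base.html b/django/contrib/admin/templates/admin/base.html
old mode 100644
new mode 100755
index 4b3c429..d792c00
--- a/django/contrib/admin/templates/admin/base.html
+++ b/django/contrib/admin/templates/admin/base.html
@@ -7,6 +7,21 @@
 <!--[if lte IE 7]><link rel="stylesheet" type="text/css" href="{% block stylesheet_ie %}{% static "admin/css/ie.css" %}{% endblock %}" /><![endif]-->
 {% if LANGUAGE_BIDI %}<link rel="stylesheet" type="text/css" href="{% block stylesheet_rtl %}{% static "admin/css/rtl.css" %}{% endblock %}" />{% endif %}
 <script type="text/javascript">window.__admin_media_prefix__ = "{% filter escapejs %}{% static "admin/" %}{% endfilter %}";</script>
+<script type="text/javascript" src="{% static "admin/js/jquery.min.js" %}"></script>
+<script type="text/javascript" src="{% static "admin/js/jquery.init.js" %}"></script>
+
+<script type="text/javascript">
+    (function($) {
+        $(document).ready(function() {
+            $('a[href="{% url 'admin:logout' %}"]').click(function(ev) {
+                ev.preventDefault();
+                $('#logout-form').submit();
+            });
+        });
+    })(django.jQuery);
+</script>
+
+
 {% block extrahead %}{% endblock %}
 {% block blockbots %}<meta name="robots" content="NONE,NOARCHIVE" />{% endblock %}
 </head>
@@ -69,6 +84,6 @@
     {% block footer %}<div id="footer"></div>{% endblock %}
 </div>
 <!-- END Container -->
-
+<form id="logout-form" action="{% url 'admin:logout' %}" method="post">{% csrf_token %}</form>
 </body>
 </html>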
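Review bot: The hidden `#logout-form` (new line 87) and the script block (new lines 10-21) are emitted unconditionally on every page that extends base.html, presumably including the login page for anonymous users. A CSRF token is therefore rendered, and two jQuery files loaded, even where no logout link exists. I would wrap both in the same condition that guards the log-out link in the user-tools block (outside these hunks), so the token is only issued to sessions that can use it. The selector on new line 16 also interpolates `{% url 'admin:logout' %}` into a quoted JavaScript string unescaped, while line 9 of the same file uses `{% filter escapejs %}` for the analogous value. The URL comes from the URLconf so the risk is low, but `$('a[href="{% filter escapejs %}{% url 'admin:logout' %}{% endfilter %}"]')` keeps the two consistent.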
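diff --git a/django/contrib/admin/templates/admin/logout_confirmation.html b/django/contrib/admin/templates/admin/logout_confirmation.html
new file mode 100755
index 0000000..e49cd71
--- /dev/null
+++ b/django/contrib/admin/templates/admin/logout_confirmation.html
@@ -0,0 +1,21 @@
+{% extends "admin/base_site.html" %}
+{% load i18n %}
+
+{% block breadcrumbs %}
+    <div class="breadcrumbs">
+        <a href="../">{% trans "Home" %}</a> &rsaquo;
+    </div>
+{% endblock %}
+
+
+
+{% block content %}
+    <p>Are you sure you want to logout?</p>
+    <form action="" method="post">
+        {% csrf_token %}
+        <div>
+            <input type="hidden" name="post" value="yes" />
+            <input type="submit" value="{% trans "Yes, I'm sure" %}" />
+        </div>
+    </form>
+{% endblock %}
\ No newline at end of file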
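Review bot: The prompt on line 13 is a hard-coded English string while the other visible strings in this template go through `{% trans %}`; it should read `<p>{% trans "Are you sure you want to logout?" %}</p>`. The hidden `post=yes` input on line 17 is never read, since the view in sites.py branches on `request.method` only, so it can be dropped. The breadcrumb's `href="../"` depends on the request path; `{% url 'admin:index' %}` would be sturdier, in the same way base.html in this patch reverses `admin:logout`.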