Ticket #15821: 15821.diff

File 15821.diff, 817 bytes (added by aaugustin, 4 years ago)
  • docs/releases/1.3.txt

     
    353353
    354354Prior to Django 1.2.5, the Django administrative interface allowed
    355355filtering on any model field or relation -- not just those specified
    356 in ``list_filter`` -- via query string manipulation. Due to `security
     356in ``list_filter`` -- via query string manipulation. Due to `other security
    357357issues`_ reported to us, however, query string lookup arguments in the
    358358admin must be for fields or relations specified in ``list_filter`` or
    359359``date_hierarchy``.
    360360
     361.. _other security issues: http://www.djangoproject.com/weblog/2010/dec/22/security/
     362
    361363FileField no longer deletes files
    362364~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    363365
Back to Top