Ticket #5999: nfa-expired-session-5999.patch
| File nfa-expired-session-5999.patch, 2.4 KB (added by , 16 years ago) |
|---|
-
django/contrib/admin/sites.py
113 113 return self.logout(request) 114 114 115 115 if not self.has_permission(request): 116 return self.login(request) 117 118 116 response = self.login(request) 117 if response: 118 # make sure that there is a response before returning 119 # this addresses any post data that might persist from 120 # expired sessions and continue through (#5999) 121 return response 122 119 123 if url == '': 120 124 return self.index(request) 121 125 elif url == 'password_change': … … 245 249 # overwrite request.POST with the saved post_data, and continue 246 250 request.POST = post_data 247 251 request.user = user 248 return view_func(request, *args, **kwargs)252 return 249 253 else: 250 254 request.session.delete_test_cookie() 251 255 return http.HttpResponseRedirect(request.path) -
tests/regressiontests/admin_views/tests.py
145 145 self.failUnlessEqual(Article.objects.all().count(), 3) 146 146 self.client.get('/test_admin/admin/logout/') 147 147 148 # Check and make sure that if user expires, data still persists 149 post = self.client.post('/test_admin/admin/admin_views/article/add/', add_dict) 150 self.assertContains(post, 'Please log in again, because your session has expired.') 151 self.super_login['post_data'] = _encode_post_data(add_dict) 152 post = self.client.post('/test_admin/admin/admin_views/article/add/', self.super_login) 153 self.assertRedirects(post, '/test_admin/admin/admin_views/article/') 154 self.failUnlessEqual(Article.objects.all().count(), 4) 155 self.client.get('/test_admin/admin/logout/') 156 157 148 158 def testChangeView(self): 149 159 """Change view should restrict access and allow users to edit items.""" 150 160