Changes between Initial Version and Version 1 of Ticket #25905


Ignore:
Timestamp:
Dec 9, 2015, 11:07:27 PM (9 years ago)
Author:
Aman Ali
Comment:

Legend:

Unmodified
Added
Removed
Modified

  • Ticket #25905

    • Property Cc aman.ali@… added

  • Ticket #25905 – Description

    initial v1  
    77        return urljoin(self.base_url, filepath_to_uri(get_valid_filename(name)))
    88
    9 This change filters the filename provided through the get_valid_filename function from django.utils.text. This function does a sufficient of eliminating the ability to override the base_url.
     9This change filters the filename provided through the get_valid_filename function from django.utils.text. This function does a sufficient job of eliminating the ability to override the base_url.
    1010
    1111Note: This issue was initially disclosed to the Django security team and was decided not to be treated as a security issue, but instead a bug.
Back to Top