angler-fishThe Vulnerability History Project

Fixed #14881 -- Modified password reset to work with a non-integer UserModel.pk.

      uid is now base64 encoded in password reset URLs/views. A backwards compatible
password_reset_confirm view/URL will allow password reset links generated before
this change to continue to work. This view will be removed in Django 1.7.

Thanks jonash for the initial patch and claudep for the review.
by Lindsey the Elephant Seal 2013-06-21 20:59:33 UTC
commit 1184d077893ff1bc947e45b00a4d565f3df81776
Django VCC URL Not Validated CVE-2015-2317 VCC CVE-2019-19844
django/contrib/admin/templates/registration/password_reset_email.html
+1 -1
django/contrib/auth/forms.py
+2 -3
django/contrib/auth/tests/templates/registration/password_reset_email.html
+1 -1
django/contrib/auth/tests/test_views.py
+2 -22
django/contrib/auth/tests/urls.py
+3 -2
django/contrib/auth/urls.py
-3
django/contrib/auth/views.py
+6 -15
django/utils/http.py
+1 -20
docs/internals/deprecation.txt
-8
docs/ref/contrib/admin/index.txt
+1 -6
docs/ref/utils.txt
-14
docs/releases/1.6.txt
-53
docs/topics/auth/default.txt
+6 -16
expand_less