angler-fishThe Vulnerability History Project

Fixes #11025 -- ability to specify LOGIN_URL as full qualified absolute URL.

      auth.views.login now allows for login redirections for different schemes
with the same host (or no host even, e.g. 'https:///login/')

auth.decorators.login_required can now use lazy urls (refs #5925)

git-svn-id: http://code.djangoproject.com/svn/django/trunk@14733 bcc190cf-cafb-0310-a4f2-bffc1f526a37
by Claire the Cobra 2010-11-27 22:43:33 UTC
commit e74edb4d53b089ec57ec4830eeba98607283a092
Django VCC CVE-2012-4520 VCC CVE-2013-6044 VCC URL Is Not Safe CVE-2014-3730
django/contrib/auth/decorators.py
+11 -17
django/contrib/auth/tests/__init__.py
+2 -2
django/contrib/auth/tests/views.py
+15 -75
django/contrib/auth/views.py
+10 -19
expand_less