Commits

Anonymous committed 493093a

[soc2009/admin-ui] The Kaplan-Moss commandeth that thou shalt not allow any ol' anonymous user to make arbitrary queries. And so it was done.

Comments (0)

Files changed (1)

django/contrib/admin/views/autocomplete.py

 from django.utils.encoding import smart_str
 from django.http import HttpResponse, HttpResponseNotFound
 from django.conf import settings
+from django.contrib.admin.views import staff_member_required
  
 def foreignkey_autocomplete(request, related_string_functions=None):
     """
             else:
                 data = to_string_function(obj)
         return HttpResponse(data)
-    return HttpResponseNotFound()
+    return HttpResponseNotFound()
+foreignkey_autocomplete = staff_member_required(foreignkey_autocomplete)