Confirmed that this bug exists in Essex, and the patch there looks good to me.
Folsom is not affected. This kind of security hole is one of the (many) reasons I rewrote the entire auth mechanism to be a pluggable backend for Django's contrib.auth module in the Folsom timeframe.
Confirmed that this bug exists in Essex, and the patch there looks good to me.
Folsom is not affected. This kind of security hole is one of the (many) reasons I rewrote the entire auth mechanism to be a pluggable backend for Django's contrib.auth module in the Folsom timeframe.