
Ticket #1375: main.diff

File main.diff, 2.6 kB (added by Malcolm Tredinnick <malcolm@pointy-stick.com>, 2 years ago)

Escape object idents in admin editing URLs

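--- a/contrib/admin/views/main.py
+++ b/contrib/admin/views/main.py
@@ -41,6 +41,41 @@
 class IncorrectLookupParameters(Exception):
     pass
 
+def quote(s):
+    """
+    Ensure that primary key values do not confuse the admin URLs by escaping
+    any '/', '_' and ':' characters. Similar to urllib.quote, except that the
+        quoting is slightly different so that it doesn't get autoamtically
+        unquoted by the web browser.
+    """
+    res = list(s)
+    for i in range(len(res)):
+        c = res[i]
+        if c in ':/_':
+            res[i] = '_%02X' % ord(c)
+    return ''.join(res)
+
+def unquote(s):
+    """
+    Undo the effects of quote(). Based heavily on urllib.unquote().
+    """
+    mychr = chr
+    myatoi = int
+    list = s.split('_')
+    res = [list[0]]
+    myappend = res.append
+    del list[0]
+    for item in list:
+        if item[1:2]:
+            try:
+                myappend(mychr(myatoi(item[:2], 16))
+                     + item[2:])
+            except ValueError:
+                myappend('_' + item)
+        else:
+            myappend('_' + item)
+    return "".join(res)
+
 def get_javascript_imports(opts, auto_populated_fields, field_sets):
 # Put in any necessary JavaScript imports.
     js = ['js/core.js', 'js/admin/RelatedObjectLookups.js']
@@ -250,6 +285,7 @@
 
 def change_stage(request, app_label, model_name, object_id):
     model = models.get_model(app_label, model_name)
+    object_id = unquote(object_id)
     if model is None:
         raise Http404, "App %r, model %r, not found" % (app_label, model_name)
     opts = model._meta
@@ -433,6 +469,7 @@
 def delete_stage(request, app_label, model_name, object_id):
     import sets
     model = models.get_model(app_label, model_name)
+    object_id = unquote(object_id)
     if model is None:
         raise Http404, "App %r, model %r, not found" % (app_label, model_name)
     opts = model._meta
@@ -465,6 +502,7 @@
 
 def history(request, app_label, model_name, object_id):
     model = models.get_model(app_label, model_name)
+    object_id = unquote(object_id)
     if model is None:
         raise Http404, "App %r, model %r, not found" % (app_label, model_name)
     action_list = LogEntry.objects.filter(object_id=object_id,
@@ -655,7 +693,7 @@
         return qs
 
     def url_for_result(self, result):
-        return "%s/" % getattr(result, self.pk_attname
+        return "%s/" % quote(getattr(result, self.pk_attname)
 
 def change_list(request, app_label, model_name):
     model = models.get_model(app_label, model_name)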