Ticket #2359: 03-admin-changes.diff
| File 03-admin-changes.diff, 36.9 kB (added by mtredinnick, 2 years ago) |
|---|
-
a/django/contrib/admin/filterspecs.py
old new 7 7 """ 8 8 9 9 from django.db import models 10 from django.utils import html 10 11 import datetime 11 12 12 13 class FilterSpec(object): … … 37 38 def output(self, cl): 38 39 t = [] 39 40 if self.has_output(): 40 t.append(_('<h3>By %s:</h3>\n<ul>\n') % self.title())41 t.append(_('<h3>By %s:</h3>\n<ul>\n') % html.escape(self.title())) 41 42 42 43 for choice in self.choices(cl): 43 44 t.append('<li%s><a href="%s">%s</a></li>\n' % \ -
a/django/contrib/admin/models.py
old new 2 2 from django.contrib.contenttypes.models import ContentType 3 3 from django.contrib.auth.models import User 4 4 from django.utils.translation import gettext_lazy as _ 5 from django.utils.safestring import mark_safe 5 6 6 7 ADDITION = 1 7 8 CHANGE = 2 … … 48 49 Returns the admin URL to edit the object represented by this log entry. 49 50 This is relative to the Django admin index page. 50 51 """ 51 return "%s/%s/%s/" % (self.content_type.app_label, self.content_type.model, self.object_id)52 return mark_safe("%s/%s/%s/" % (self.content_type.app_label, self.content_type.model, self.object_id)) -
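Review bot: The new return at line 52 interpolates `self.object_id` into the path and wraps the whole string in `mark_safe`, so if the key can be a string, a value containing `"`, `<` or `&` would reach `<a href="{{ entry.get_admin_url }}">` in index.html with no escaping at all. Nothing in this string needs to bypass autoescaping, so either return the plain string as before or encode the key first, e.g. `mark_safe("%s/%s/%s/" % (self.content_type.app_label, self.content_type.model, escape(self.object_id)))` with `escape` imported from `django.utils.html`. The method's `def` line is outside the hunk.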
a/django/contrib/admin/templates/admin/base.html
old new 12 12 <body class="{% if is_popup %}popup {% endif %}{% block bodyclass %}{% endblock %}"> 13 13 14 14 <!-- Container --> 15 {% autoescape %} 15 16 <div id="container"> 16 17 17 18 {% if not is_popup %} … … 21 22 {% block branding %}{% endblock %} 22 23 </div> 23 24 {% if user.is_authenticated and user.is_staff %} 24 <div id="user-tools">{% trans 'Welcome,' %} <strong>{% if user.first_name %}{{ user.first_name |escape}}{% else %}{{ user.username }}{% endif %}</strong>. {% block userlinks %}<a href="doc/">{% trans 'Documentation' %}</a> / <a href="password_change/">{% trans 'Change password' %}</a> / <a href="logout/">{% trans 'Log out' %}</a>{% endblock %}</div>25 <div id="user-tools">{% trans 'Welcome,' %} <strong>{% if user.first_name %}{{ user.first_name }}{% else %}{{ user.username }}{% endif %}</strong>. {% block userlinks %}<a href="doc/">{% trans 'Documentation' %}</a> / <a href="password_change/">{% trans 'Change password' %}</a> / <a href="logout/">{% trans 'Log out' %}</a>{% endblock %}</div> 25 26 {% endif %} 26 27 {% block nav-global %}{% endblock %} 27 28 </div> 28 29 <!-- END Header --> 29 {% block breadcrumbs %}<div class="breadcrumbs"><a href="/">{% trans 'Home' %}</a>{% if title %} › {{ title |escape}}{% endif %}</div>{% endblock %}30 {% block breadcrumbs %}<div class="breadcrumbs"><a href="/">{% trans 'Home' %}</a>{% if title %} › {{ title }}{% endif %}</div>{% endblock %} 30 31 {% endif %} 31 32 32 33 {% if messages %} 33 <ul class="messagelist">{% for message in messages %}<li>{{ message |escape}}</li>{% endfor %}</ul>34 <ul class="messagelist">{% for message in messages %}<li>{{ message }}</li>{% endfor %}</ul> 34 35 {% endif %} 35 36 36 37 <!-- Content --> 37 38 <div id="content" class="{% block coltype %}colM{% endblock %}"> 38 39 {% block pretitle %}{% endblock %} 39 {% block content_title %}{% if title %}<h1>{{ title |escape}}</h1>{% endif %}{% endblock %}40 {% block content_title %}{% if title %}<h1>{{ title }}</h1>{% endif %}{% 
endblock %} 40 41 {% block content %}{{ content }}{% endblock %} 41 42 {% block sidebar %}{% endblock %} 42 43 <br class="clear" /> … … 45 46 46 47 {% block footer %}<div id="footer"></div>{% endblock %} 47 48 </div> 49 {% endautoescape %} 48 50 <!-- END Container --> 49 51 50 52 </body> -
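Review bot: The `{% autoescape %}` block opens after `<body>` (new line 15) and closes before `<!-- END Container -->`, so anything base.html renders above it is not covered. `{% block title %}` is presumably in `<head>` (not shown in this section), yet base_site.html, admin_doc/model_detail.html and admin_doc/template_detail.html all drop `|escape` from `{{ title }}` / `{{ name }}` inside that block in this same patch. Either move the opening tag to the top of the template or keep the explicit `|escape` in the title blocks. The `<body class=…>` line with `{% block bodyclass %}` is likewise outside the wrapper.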
a/django/contrib/admin/templates/admin/base_site.html
old new 1 1 {% extends "admin/base.html" %} 2 2 {% load i18n %} 3 3 4 {% block title %}{{ title |escape}} | {% trans 'Django site admin' %}{% endblock %}4 {% block title %}{{ title }} | {% trans 'Django site admin' %}{% endblock %} 5 5 6 6 {% block branding %} 7 7 <h1 id="site-name">{% trans 'Django administration' %}</h1> -
a/django/contrib/admin/templates/admin/change_form.html
old new 11 11 {% block breadcrumbs %}{% if not is_popup %} 12 12 <div class="breadcrumbs"> 13 13 <a href="../../../">{% trans "Home" %}</a> › 14 <a href="../">{{ opts.verbose_name_plural|capfirst |escape}}</a> ›15 {% if add %}{% trans "Add" %} {{ opts.verbose_name |escape }}{% else %}{{ original|truncatewords:"18"|escape}}{% endif %}14 <a href="../">{{ opts.verbose_name_plural|capfirst }}</a> › 15 {% if add %}{% trans "Add" %} {{ opts.verbose_name }}{% else %}{{ original|truncatewords:"18" }}{% endif %} 16 16 </div> 17 17 {% endif %}{% endblock %} 18 18 {% block content %}<div id="content-main"> -
a/django/contrib/admin/templates/admin/change_list.html
old new 3 3 {% block stylesheet %}{% admin_media_prefix %}css/changelists.css{% endblock %} 4 4 {% block bodyclass %}change-list{% endblock %} 5 5 {% block userlinks %}<a href="../../doc/">{% trans 'Documentation' %}</a> / <a href="../../password_change/">{% trans 'Change password' %}</a> / <a href="../../logout/">{% trans 'Log out' %}</a>{% endblock %} 6 {% if not is_popup %}{% block breadcrumbs %}<div class="breadcrumbs"><a href="../../">{% trans "Home" %}</a> › {{ cl.opts.verbose_name_plural|capfirst |escape}}</div>{% endblock %}{% endif %}6 {% if not is_popup %}{% block breadcrumbs %}<div class="breadcrumbs"><a href="../../">{% trans "Home" %}</a> › {{ cl.opts.verbose_name_plural|capfirst }}</div>{% endblock %}{% endif %} 7 7 {% block coltype %}flex{% endblock %} 8 8 {% block content %} 9 9 <div id="content-main"> -
a/django/contrib/admin/templates/admin/date_hierarchy.html
old new 1 1 {% if show %} 2 2 <div class="xfull"> 3 3 <ul class="toplinks"> 4 {% if back %}<li class="date-back"><a href="{{ back.link }}">‹ {{ back.title |escape}}</a></li>{% endif %}4 {% if back %}<li class="date-back"><a href="{{ back.link }}">‹ {{ back.title }}</a></li>{% endif %} 5 5 {% for choice in choices %} 6 <li> {% if choice.link %}<a href="{{ choice.link }}">{% endif %}{{ choice.title |escape}}{% if choice.link %}</a>{% endif %}</li>6 <li> {% if choice.link %}<a href="{{ choice.link }}">{% endif %}{{ choice.title }}{% if choice.link %}</a>{% endif %}</li> 7 7 {% endfor %} 8 8 </ul><br class="clear" /> 9 9 </div> -
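Review bot: This fragment has no `{% extends %}` and no `{% autoescape %}` of its own, so once `|escape` is removed from `back.title` and `choice.title` the output is escaped only if the autoescape state of the page that pulls it in carries over; how the fragment is rendered is not visible here, so that needs confirming. The same holds for edit_inline_stacked.html, edit_inline_tabular.html and widget/one_to_one.html, and probably for filter.html, pagination.html, search_form.html and widget/foreign.html, whose first lines are not shown. search_form.html is the most exposed, since `value="{{ cl.query }}"` and the hidden `pair.0` / `pair.1` inputs look request-supplied. Until propagation is established (ideally with a test that renders a value containing `<` and `"` through each tag), wrap each fragment in `{% autoescape %}…{% endautoescape %}` or leave the explicit filters in place.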
a/django/contrib/admin/templates/admin/delete_confirmation.html
old new 4 4 {% block breadcrumbs %} 5 5 <div class="breadcrumbs"> 6 6 <a href="../../../../">{% trans "Home" %}</a> › 7 <a href="../../">{{ opts.verbose_name_plural|capfirst |escape}}</a> ›7 <a href="../../">{{ opts.verbose_name_plural|capfirst }}</a> › 8 8 <a href="../">{{ object|escape|truncatewords:"18" }}</a> › 9 9 {% trans 'Delete' %} 10 10 </div> … … 14 14 <p>{% blocktrans with object|escape as escaped_object %}Deleting the {{ object_name }} '{{ escaped_object }}' would result in deleting related objects, but your account doesn't have permission to delete the following types of objects:{% endblocktrans %}</p> 15 15 <ul> 16 16 {% for obj in perms_lacking %} 17 <li>{{ obj |escape}}</li>17 <li>{{ obj }}</li> 18 18 {% endfor %} 19 19 </ul> 20 20 {% else %} -
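Review bot: `{{ object|escape|truncatewords:"18" }}` and `{% blocktrans with object|escape as escaped_object %}` keep their explicit `|escape`, while `<li>{{ obj }}</li>` a few lines below loses it and object_history.html changes the same breadcrumb to `{{ object|truncatewords:"18" }}`. If the `escape` filter does not mark its result as safe, these two spots are escaped twice under the base.html wrapper; if it does, the filter is leftover. Pick one form across the templates; pagination.html has the same split between `cl.opts.verbose_name|escape` and `cl.opts.verbose_name_plural`.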
a/django/contrib/admin/templates/admin/edit_inline_stacked.html
old new 1 1 {% load admin_modify %} 2 2 <fieldset class="module aligned"> 3 3 {% for fcw in bound_related_object.form_field_collection_wrappers %} 4 <h2>{{ bound_related_object.relation.opts.verbose_name|capfirst |escape}} #{{ forloop.counter }}</h2>4 <h2>{{ bound_related_object.relation.opts.verbose_name|capfirst }} #{{ forloop.counter }}</h2> 5 5 {% if bound_related_object.show_url %}{% if fcw.obj.original %} 6 6 <p><a href="/r/{{ fcw.obj.original.content_type_id }}/{{ fcw.obj.original.id }}/">View on site</a></p> 7 7 {% endif %}{% endif %} -
a/django/contrib/admin/templates/admin/edit_inline_tabular.html
old new 1 1 {% load admin_modify %} 2 2 <fieldset class="module"> 3 <h2>{{ bound_related_object.relation.opts.verbose_name_plural|capfirst |escape}}</h2><table>3 <h2>{{ bound_related_object.relation.opts.verbose_name_plural|capfirst }}</h2><table> 4 4 <thead><tr> 5 5 {% for fw in bound_related_object.field_wrapper_list %} 6 6 {% if fw.needs_header %} 7 <th{{ fw.header_class_attribute }}>{{ fw.field.verbose_name|capfirst |escape}}</th>7 <th{{ fw.header_class_attribute }}>{{ fw.field.verbose_name|capfirst }}</th> 8 8 {% endif %} 9 9 {% endfor %} 10 10 {% for fcw in bound_related_object.form_field_collection_wrappers %} -
a/django/contrib/admin/templates/admin/filter.html
old new 3 3 <ul> 4 4 {% for choice in choices %} 5 5 <li{% if choice.selected %} class="selected"{% endif %}> 6 <a href="{{ choice.query_string }}">{{ choice.display|escape}}</a></li>6 <a href="{{ choice.query_string|safe }}">{{ choice.display }}</a></li> 7 7 {% endfor %} 8 8 </ul> -
a/django/contrib/admin/templates/admin/index.html
old new 19 19 {% for model in app.models %} 20 20 <tr> 21 21 {% if model.perms.change %} 22 <th scope="row"><a href="{{ model.admin_url }}">{{ model.name |escape}}</a></th>22 <th scope="row"><a href="{{ model.admin_url }}">{{ model.name }}</a></th> 23 23 {% else %} 24 <th scope="row">{{ model.name |escape}}</th>24 <th scope="row">{{ model.name }}</th> 25 25 {% endif %} 26 26 27 27 {% if model.perms.add %} … … 58 58 {% else %} 59 59 <ul class="actionlist"> 60 60 {% for entry in admin_log %} 61 <li class="{% if entry.is_addition %}addlink{% endif %}{% if entry.is_change %}changelink{% endif %}{% if entry.is_deletion %}deletelink{% endif %}">{% if not entry.is_deletion %}<a href="{{ entry.get_admin_url }}">{% endif %}{{ entry.object_repr |escape }}{% if not entry.is_deletion %}</a>{% endif %}<br /><span class="mini quiet">{{ entry.content_type.name|capfirst|escape}}</span></li>61 <li class="{% if entry.is_addition %}addlink{% endif %}{% if entry.is_change %}changelink{% endif %}{% if entry.is_deletion %}deletelink{% endif %}">{% if not entry.is_deletion %}<a href="{{ entry.get_admin_url }}">{% endif %}{{ entry.object_repr }}{% if not entry.is_deletion %}</a>{% endif %}<br /><span class="mini quiet">{{ entry.content_type.name|capfirst }}</span></li> 62 62 {% endfor %} 63 63 </ul> 64 64 {% endif %} -
a/django/contrib/admin/templates/admin/invalid_setup.html
old new 1 1 {% extends "admin/base_site.html" %} 2 2 {% load i18n %} 3 3 4 {% block breadcrumbs %}<div class="breadcrumbs"><a href="../../">{% trans 'Home' %}</a> › {{ title |escape}}</div>{% endblock %}4 {% block breadcrumbs %}<div class="breadcrumbs"><a href="../../">{% trans 'Home' %}</a> › {{ title }}</div>{% endblock %} 5 5 6 6 {% block content %} 7 7 -
a/django/contrib/admin/templates/admin/object_history.html
old new 2 2 {% load i18n %} 3 3 {% block userlinks %}<a href="../../../../doc/">{% trans 'Documentation' %}</a> / <a href="../../../../password_change/">{% trans 'Change password' %}</a> / <a href="../../../../logout/">{% trans 'Log out' %}</a>{% endblock %} 4 4 {% block breadcrumbs %} 5 <div class="breadcrumbs"><a href="../../../../">{% trans 'Home' %}</a> › <a href="../../">{{ module_name |escape }}</a> › <a href="../">{{ object|escape|truncatewords:"18" }}</a> › {% trans 'History' %}</div>5 <div class="breadcrumbs"><a href="../../../../">{% trans 'Home' %}</a> › <a href="../../">{{ module_name }}</a> › <a href="../">{{ object|truncatewords:"18" }}</a> › {% trans 'History' %}</div> 6 6 {% endblock %} 7 7 8 8 {% block content %} … … 24 24 {% for action in action_list %} 25 25 <tr> 26 26 <th scope="row">{{ action.action_time|date:_("DATE_WITH_TIME_FULL") }}</th> 27 <td>{{ action.user.username }}{% if action.user.first_name %} ({{ action.user.first_name |escape }} {{ action.user.last_name|escape }}){% endif %}</td>28 <td>{{ action.change_message |escape}}</td>27 <td>{{ action.user.username }}{% if action.user.first_name %} ({{ action.user.first_name }} {{ action.user.last_name }}){% endif %}</td> 28 <td>{{ action.change_message }}</td> 29 29 </tr> 30 30 {% endfor %} 31 31 </tbody> -
a/django/contrib/admin/templates/admin/pagination.html
old new 6 6 {% paginator_number cl i %} 7 7 {% endfor %} 8 8 {% endif %} 9 {{ cl.result_count }} {% ifequal cl.result_count 1 %}{{ cl.opts.verbose_name|escape }}{% else %}{{ cl.opts.verbose_name_plural |escape}}{% endifequal %}9 {{ cl.result_count }} {% ifequal cl.result_count 1 %}{{ cl.opts.verbose_name|escape }}{% else %}{{ cl.opts.verbose_name_plural }}{% endifequal %} 10 10 {% if show_all_url %} <a href="{{ show_all_url }}" class="showall">{% trans 'Show all' %}</a>{% endif %} 11 11 </p> -
a/django/contrib/admin/templates/admin/search_form.html
old new 4 4 <div id="toolbar"><form id="changelist-search" action="" method="get"> 5 5 <div><!-- DIV needed for valid HTML --> 6 6 <label for="searchbar"><img src="{% admin_media_prefix %}img/admin/icon_searchbox.png" alt="Search" /></label> 7 <input type="text" size="40" name="{{ search_var }}" value="{{ cl.query |escape}}" id="searchbar" />7 <input type="text" size="40" name="{{ search_var }}" value="{{ cl.query }}" id="searchbar" /> 8 8 <input type="submit" value="{% trans 'Go' %}" /> 9 9 {% if show_result_count %} 10 10 <span class="small quiet">{% blocktrans count cl.result_count as counter %}1 result{% plural %}{{ counter }} results{% endblocktrans %} (<a href="?">{% blocktrans with cl.full_result_count as full_result_count %}{{ full_result_count }} total{% endblocktrans %}</a>)</span> 11 11 {% endif %} 12 12 {% for pair in cl.params.items %} 13 {% ifnotequal pair.0 search_var %}<input type="hidden" name="{{ pair.0 |escape }}" value="{{ pair.1|escape}}"/>{% endifnotequal %}13 {% ifnotequal pair.0 search_var %}<input type="hidden" name="{{ pair.0 }}" value="{{ pair.1 }}"/>{% endifnotequal %} 14 14 {% endfor %} 15 15 </div> 16 16 </form></div> -
a/django/contrib/admin/templates/admin_doc/model_detail.html
old new 9 9 </style> 10 10 {% endblock %} 11 11 12 {% block breadcrumbs %}<div class="breadcrumbs"><a href="../../../">Home</a> › <a href="../../">Documentation</a> › <a href="../">Models</a> › {{ name |escape}}</div>{% endblock %}12 {% block breadcrumbs %}<div class="breadcrumbs"><a href="../../../">Home</a> › <a href="../../">Documentation</a> › <a href="../">Models</a> › {{ name }}</div>{% endblock %} 13 13 14 {% block title %}Model: {{ name |escape}}{% endblock %}14 {% block title %}Model: {{ name }}{% endblock %} 15 15 16 16 {% block content %} 17 17 <div id="content-main"> 18 <h1>{{ summary |escape}}</h1>18 <h1>{{ summary }}</h1> 19 19 20 20 {% if description %} 21 <p>{% filter escape|linebreaksbr %}{% trans description %}{% endfilter %}</p>21 <p>{% filter linebreaksbr %}{% trans description %}{% endfilter %}</p> 22 22 {% endif %} 23 23 24 24 <div class="module"> … … 35 35 <tr> 36 36 <td>{{ field.name }}</td> 37 37 <td>{{ field.data_type }}</td> 38 <td>{% if field.verbose %}{{ field.verbose |escape }}{% endif %}{% if field.help_text %} - {{ field.help_text|escape}}{% endif %}</td>38 <td>{% if field.verbose %}{{ field.verbose }}{% endif %}{% if field.help_text %} - {{ field.help_text }}{% endif %}</td> 39 39 </tr> 40 40 {% endfor %} 41 41 </tbody> -
a/django/contrib/admin/templates/admin_doc/template_detail.html
old new 1 1 {% extends "admin/base_site.html" %} 2 2 {% load i18n %} 3 {% block breadcrumbs %}<div class="breadcrumbs"><a href="../../../">Home</a> › <a href="../../">Documentation</a> › Templates › {{ name |escape}}</div>{% endblock %}3 {% block breadcrumbs %}<div class="breadcrumbs"><a href="../../../">Home</a> › <a href="../../">Documentation</a> › Templates › {{ name }}</div>{% endblock %} 4 4 {% block userlinks %}<a href="../../../password_change/">{% trans 'Change password' %}</a> / <a href="../../../logout/">{% trans 'Log out' %}</a>{% endblock %} 5 5 6 {% block title %}Template: {{ name |escape}}{% endblock %}6 {% block title %}Template: {{ name }}{% endblock %} 7 7 8 8 {% block content %} 9 <h1>Template: "{{ name |escape}}"</h1>9 <h1>Template: "{{ name }}"</h1> 10 10 11 11 {% regroup templates|dictsort:"site_id" by site as templates_by_site %} 12 12 {% for group in templates_by_site %} 13 <h2>Search path for template "{{ name |escape}}" on {{ group.grouper }}:</h2>13 <h2>Search path for template "{{ name }}" on {{ group.grouper }}:</h2> 14 14 <ol> 15 15 {% for template in group.list|dictsort:"order" %} 16 <li><code>{{ template.file |escape}}</code>{% if not template.exists %} <em>(does not exist)</em>{% endif %}</li>16 <li><code>{{ template.file }}</code>{% if not template.exists %} <em>(does not exist)</em>{% endif %}</li> 17 17 {% endfor %} 18 18 </ol> 19 19 {% endfor %} -
a/django/contrib/admin/templates/admin_doc/view_detail.html
old new 8 8 9 9 <h1>{{ name }}</h1> 10 10 11 <h2 class="subhead">{{ summary |escape}}</h2>11 <h2 class="subhead">{{ summary }}</h2> 12 12 13 13 <p>{{ body }}</p> 14 14 -
a/django/contrib/admin/templates/widget/foreign.html
old new 15 15 {{ bound_field.original_value }} 16 16 {% endif %} 17 17 {% if bound_field.raw_id_admin %} 18 {% if bound_field.existing_display %} <strong>{{ bound_field.existing_display|truncatewords:"14" |escape}}</strong>{% endif %}18 {% if bound_field.existing_display %} <strong>{{ bound_field.existing_display|truncatewords:"14" }}</strong>{% endif %} 19 19 {% endif %} 20 20 {% endif %} -
a/django/contrib/admin/templates/widget/one_to_one.html
old new 1 1 {% if add %}{% include "widget/foreign.html" %}{% endif %} 2 {% if change %}{% if bound_field.existing_display %} <strong>{{ bound_field.existing_display|truncatewords:"14" |escape}}</strong>{% endif %}{% endif %}2 {% if change %}{% if bound_field.existing_display %} <strong>{{ bound_field.existing_display|truncatewords:"14" }}</strong>{% endif %}{% endif %} -
a/django/contrib/admin/templatetags/admin_list.py
old new 6 6 from django.utils import dateformat 7 7 from django.utils.html import escape 8 8 from django.utils.text import capfirst 9 from django.utils.safestring import mark_safe 9 10 from django.utils.translation import get_date_formats, get_partial_date_formats 10 11 from django.template import Library 11 12 import datetime … … 18 19 if i == DOT: 19 20 return '... ' 20 21 elif i == cl.page_num: 21 return '<span class="this-page">%d</span> ' % (i+1)22 return mark_safe('<span class="this-page">%d</span> ' % (i+1)) 22 23 else: 23 return '<a href="%s"%s>%d</a> ' % (cl.get_query_string({PAGE_VAR: i}), (i == cl.paginator.pages-1 and ' class="end"' or ''), i+1)24 return mark_safe('<a href="%s"%s>%d</a> ' % (cl.get_query_string({PAGE_VAR: i}), (i == cl.paginator.pages-1 and ' class="end"' or ''), i+1)) 24 25 paginator_number = register.simple_tag(paginator_number) 25 26 26 27 def pagination(cl): … … 169 170 first = False 170 171 url = cl.url_for_result(result) 171 172 result_id = str(getattr(result, pk)) # str() is needed in case of 23L (long ints) 172 yield ('<%s%s><a href="%s"%s>%s</a></%s>' % \173 yield mark_safe('<%s%s><a href="%s"%s>%s</a></%s>' % \ 173 174 (table_tag, row_class, url, (cl.is_popup and ' onclick="opener.dismissRelatedLookupPopup(window, %r); return false;"' % result_id or ''), result_repr, table_tag)) 174 175 else: 175 yield ('<td%s>%s</td>' % (row_class, result_repr))176 yield mark_safe('<td%s>%s</td>' % (row_class, result_repr)) 176 177 177 178 def results(cl): 178 179 for res in cl.result_list: … … 196 197 day_lookup = cl.params.get(day_field) 197 198 year_month_format, month_day_format = get_partial_date_formats() 198 199 199 link = lambda d: cl.get_query_string(d, [field_generic])200 link = lambda d: mark_safe(cl.get_query_string(d, [field_generic])) 200 201 201 202 if year_lookup and month_lookup and day_lookup: 202 203 day = datetime.date(int(year_lookup), int(month_lookup), int(day_lookup)) -
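Review bot: In the hunk at new lines 170–176, `result_id` is formatted with `%r` into a double-quoted `onclick` attribute and the whole cell is now wrapped in `mark_safe`, so a primary key whose `repr` contains `"` or `&` ends the attribute early. `url` and `result_repr` are interpolated the same way, and whether they are already escaped is decided outside the hunk. Since `escape` is already imported in this file, the popup fragment can be built as `' onclick="opener.dismissRelatedLookupPopup(window, %s); return false;"' % escape(repr(result_id))`, with `escape(url)` for the href. The `link` lambda and `paginator_number` also mark `cl.get_query_string(...)` output safe, which is only as good as that method's own encoding.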
a/django/contrib/admin/templatetags/admin_modify.py
old new 2 2 from django.contrib.admin.views.main import AdminBoundField 3 3 from django.template import loader 4 4 from django.utils.text import capfirst 5 from django.utils.html import escape 6 from django.utils.safestring import mark_safe 5 7 from django.db import models 6 8 from django.db.models.fields import Field 7 9 from django.db.models.related import BoundRelatedObject … … 29 31 <script type="text/javascript" src="/media/admin/js/calendar.js"> 30 32 """ 31 33 32 return '<script type="text/javascript" src="%s%s"></script>' % (settings.ADMIN_MEDIA_PREFIX, script_path)34 return mark_safe('<script type="text/javascript" src="%s%s"></script>' % (settings.ADMIN_MEDIA_PREFIX, script_path)) 33 35 include_admin_script = register.simple_tag(include_admin_script) 34 36 35 37 def submit_row(context): … … 60 62 class_names.append('inline') 61 63 colon = ":" 62 64 class_str = class_names and ' class="%s"' % ' '.join(class_names) or '' 63 return '<label for="%s"%s>%s%s</label> ' % (bound_field.element_id, class_str, \64 capfirst(bound_field.field.verbose_name), colon)65 return mark_safe('<label for="%s"%s>%s%s</label> ' % (bound_field.element_id, class_str, \ 66 escape(capfirst(bound_field.field.verbose_name)), colon)) 65 67 field_label = register.simple_tag(field_label) 66 68 67 69 class FieldWidgetNode(template.Node): … … 188 190 ' var e = document.getElementById("id_%s");' \ 189 191 ' if(!e._changed) { e.value = URLify(%s, %s);} }; ' % ( 190 192 f, field.name, add_values, field.maxlength)) 191 return ''.join(t)193 return mark_safe(''.join(t)) 192 194 auto_populated_field_script = register.simple_tag(auto_populated_field_script) 193 195 194 196 def filter_interface_script_maybe(bound_field): 195 197 f = bound_field.field 196 198 if f.rel and isinstance(f.rel, models.ManyToManyRel) and f.rel.filter_interface: 197 return '<script type="text/javascript">addEvent(window, "load", function(e) {' \199 return mark_safe('<script type="text/javascript">addEvent(window, "load", 
function(e) {' \ 198 200 ' SelectFilter.init("id_%s", "%s", %s, "%s"); });</script>\n' % ( 199 f.name, f.verbose_name, f.rel.filter_interface-1, settings.ADMIN_MEDIA_PREFIX)201 f.name, escape(f.verbose_name), f.rel.filter_interface-1, settings.ADMIN_MEDIA_PREFIX)) 200 202 else: 201 203 return '' 202 204 filter_interface_script_maybe = register.simple_tag(filter_interface_script_maybe) -
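Review bot: In `filter_interface_script_maybe`, `escape(f.verbose_name)` is placed inside a double-quoted JavaScript string literal within a `<script>` element, where HTML entity escaping is the wrong encoding: `&quot;` is not decoded there, so a name with a quote or ampersand displays wrongly, and a backslash or line break in the name still breaks the literal. The value needs JavaScript string escaping (backslash, quotes, line terminators, and `<` so that `</script>` cannot appear) rather than `escape()`. `auto_populated_field_script` has the same shape: it marks `''.join(t)` safe after interpolating field names into script text, with no encoding visible in the hunk. In `field_label`, `bound_field.element_id` goes into `for="%s"` unescaped while the label text next to it is escaped.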
a/django/contrib/admin/utils.py
old new 3 3 import re 4 4 from email.Parser import HeaderParser 5 5 from email.Errors import HeaderParseError 6 from django.utils.safestring import mark_safe 6 7 try: 7 8 import docutils.core 8 9 import docutils.nodes … … 66 67 parts = docutils.core.publish_parts(text, source_path=thing_being_parsed, 67 68 destination_path=None, writer_name='html', 68 69 settings_overrides=overrides) 69 return parts['fragment']70 return mark_safe(parts['fragment']) 70 71 71 72 # 72 73 # reST roles -
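Review bot: `mark_safe(parts['fragment'])` is sound only while docutils is configured so that the parsed text cannot emit raw HTML or pull in files, and the `overrides` dict that decides this is built outside the hunk. A short comment above the return would record that dependency, for example `# trusted because docutils escapes text nodes; relies on settings_overrides keeping raw_enabled and file_insertion_enabled off`. If `overrides` does not currently set those two options, that should be settled before the fragment is marked safe.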
a/django/contrib/admin/views/decorators.py
old new 22 22 post_data = _encode_post_data({}) 23 23 return render_to_response('admin/login.html', { 24 24 'title': _('Log in'), 25 'app_path': request.path,25 'app_path': mark_safe(request.path), 26 26 'post_data': post_data, 27 27 'error_message': error_message 28 28 }, context_instance=template.RequestContext(request)) -
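Review bot: `'app_path': mark_safe(request.path)` marks a client-chosen value as safe, so a request path containing `"` or `<` would be written into admin/login.html unescaped wherever `app_path` is used (the template is not part of this section). Pass `request.path` through unchanged and let the template escape it, or use `escape(request.path)` if it has to be pre-marked. No `mark_safe` import is added in this file's section, so unless the name is already imported elsewhere in the module this line raises NameError. views/doc.py does the same with `admin_url`, which is assembled from `get_host(request)` and `request.path`.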
a/django/contrib/admin/views/doc.py
old new 9 9 from django.core import urlresolvers 10 10 from django.contrib.admin import utils 11 11 from django.contrib.sites.models import Site 12 from django.utils.safestring import mark_safe 12 13 import inspect, os, re 13 14 14 15 # Exclude methods starting with these strings from documentation … … 28 29 # Hack! This couples this view to the URL it lives at. 29 30 admin_root = request.path[:-len('doc/bookmarklets/')] 30 31 return render_to_response('admin_doc/bookmarklets.html', { 31 'admin_url': "%s://%s%s" % (request.is_secure() and 'https' or 'http', get_host(request), admin_root),32 'admin_url': mark_safe("%s://%s%s" % (request.is_secure() and 'https' or 'http', get_host(request), admin_root)), 32 33 }, context_instance=RequestContext(request)) 33 34 bookmarklets = staff_member_required(bookmarklets) 34 35 -
a/django/contrib/admin/views/main.py
old new 12 12 from django.http import Http404, HttpResponse, HttpResponseRedirect 13 13 from django.utils.html import escape 14 14 from django.utils.text import capfirst, get_text_list 15 from django.utils.safestring import mark_safe 15 16 import operator 16 17 17 18 from django.contrib.admin.models import LogEntry, ADDITION, CHANGE, DELETION … … 129 130 self._repr_filled = False 130 131 131 132 if field.rel: 132 self.related_url = '../../../%s/%s/' % (field.rel.to._meta.app_label, field.rel.to._meta.object_name.lower())133 self.related_url = mark_safe('../../../%s/%s/' % (field.rel.to._meta.app_label, field.rel.to._meta.object_name.lower())) 133 134 134 135 def original_value(self): 135 136 if self.original: … … 209 210 'javascript_imports': get_javascript_imports(opts, auto_populated_fields, field_sets), 210 211 'ordered_objects': ordered_objects, 211 212 'inline_related_objects': inline_related_objects, 212 'form_url': form_url,213 'form_url': mark_safe(form_url), 213 214 'opts': opts, 214 215 'content_type_id': ContentType.objects.get_for_model(model).id, 215 216 } … … 430 431 nh(deleted_objects, current_depth, ['%s: %s' % (capfirst(related.opts.verbose_name), sub_obj), []]) 431 432 else: 432 433 # Display a link to the admin page. 
433 nh(deleted_objects, current_depth, [ '%s: <a href="../../../../%s/%s/%s/">%s</a>' % \434 ( capfirst(related.opts.verbose_name), related.opts.app_label, related.opts.object_name.lower(),435 sub_obj._get_pk_val(), sub_obj), []])434 nh(deleted_objects, current_depth, [mark_safe('%s: <a href="../../../../%s/%s/%s/">%s</a>' % \ 435 (escape(capfirst(related.opts.verbose_name)), related.opts.app_label, related.opts.object_name.lower(), 436 sub_obj._get_pk_val(), escape(sub_obj))), []]) 436 437 _get_deleted_objects(deleted_objects, perms_needed, user, sub_obj, related.opts, current_depth+2) 437 438 else: 438 439 has_related_objs = False … … 444 445 nh(deleted_objects, current_depth, ['%s: %s' % (capfirst(related.opts.verbose_name), escape(str(sub_obj))), []]) 445 446 else: 446 447 # Display a link to the admin page. 447 nh(deleted_objects, current_depth, [ '%s: <a href="../../../../%s/%s/%s/">%s</a>' % \448 ( capfirst(related.opts.verbose_name), related.opts.app_label, related.opts.object_name.lower(), sub_obj._get_pk_val(), escape(str(sub_obj))), []])448 nh(deleted_objects, current_depth, [mark_safe('%s: <a href="../../../../%s/%s/%s/">%s</a>' % \ 449 (escape(capfirst(related.opts.verbose_name)), related.opts.app_label, related.opts.object_name.lower(), sub_obj._get_pk_val(), escape(str(sub_obj)))), []]) 449 450 _get_deleted_objects(deleted_objects, perms_needed, user, sub_obj, related.opts, current_depth+2) 450 451 # If there were related objects, and the user doesn't have 451 452 # permission to delete them, add the missing perm to perms_needed. … … 473 474 else: 474 475 # Display a link to the admin page. 
475 476 nh(deleted_objects, current_depth, [ 476 (_('One or more %(fieldname)s in %(name)s:') % {'fieldname': related.field.verbose_name, 'name':related.opts.verbose_name}) + \477 mark_safe((_('One or more %(fieldname)s in %(name)s:') % {'fieldname': escape(related.field.verbose_name), 'name':related.opts.verbose_name}) + \ 477 478 (' <a href="../../../../%s/%s/%s/">%s</a>' % \ 478 (related.opts.app_label, related.opts.module_name, sub_obj._get_pk_val(), escape(str(sub_obj)))) , []])479 (related.opts.app_label, related.opts.module_name, sub_obj._get_pk_val(), escape(str(sub_obj))))), []]) 479 480 # If there were related objects, and the user doesn't have 480 481 # permission to change them, add the missing perm to perms_needed. 481 482 if related.opts.admin and has_related_objs: … … 496 497 497 498 # Populate deleted_objects, a data structure of all related objects that 498 499 # will also be deleted. 499 deleted_objects = ['%s: <a href="../../%s/">%s</a>' % (capfirst(opts.verbose_name), object_id, escape(str(obj))), []] 500 deleted_objects = [mark_safe('%s: <a href="../../%s/">%s</a>' % 501 (escape(capfirst(opts.verbose_name)), object_id, escape(str(obj)))), []] 500 502 perms_needed = sets.Set() 501 503 _get_deleted_objects(deleted_objects, perms_needed, request.user, obj, opts, 1) 502 504 … … 593 595 del p[k] 594 596 elif v is not None: 595 597 p[k] = v 596 return '?' + '&'.join(['%s=%s' % (k, v) for k, v in p.items()]).replace(' ', '%20')598 return mark_safe('?' + '&'.join(['%s=%s' % (k, v) for k, v in p.items()]).replace(' ', '%20')) 597 599 598 600 def get_results(self, request): 599 601 paginator = ObjectPaginator(self.query_set, self.lookup_opts.admin.list_per_page)
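Review bot: `get_query_string` (new line 598) now returns the joined `'%s=%s' % (k, v)` pairs wrapped in `mark_safe`, but the keys and values are neither percent-encoded nor HTML-escaped; only spaces are replaced. `p` is built outside the hunk and appears to come from the change list's request parameters, so a parameter containing `"` or `<` would land in the `href` attributes in filter.html (which adds `|safe`), in `paginator_number` and in the date hierarchy links. Encode before marking safe, e.g. `return mark_safe(escape('?' + urllib.urlencode(p)))` with `urllib` imported at the top of the module. In the hunk at new line 477, `'name': related.opts.verbose_name` is left unescaped inside the same `mark_safe` call that escapes `fieldname`.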
