Changeset 6671
- Timestamp:
- 11/14/07 06:58:53 (6 months ago)
- Files:
-
- django/trunk/django/contrib/admin/filterspecs.py (modified) (3 diffs)
- django/trunk/django/contrib/admin/models.py (modified) (2 diffs)
- django/trunk/django/contrib/admin/templates/admin/base_site.html (modified) (1 diff)
- django/trunk/django/contrib/admin/templates/admin/change_form.html (modified) (1 diff)
- django/trunk/django/contrib/admin/templates/admin/date_hierarchy.html (modified) (1 diff)
- django/trunk/django/contrib/admin/templates/admin/delete_confirmation.html (modified) (2 diffs)
- django/trunk/django/contrib/admin/templates/admin_doc/model_detail.html (modified) (1 diff)
- django/trunk/django/contrib/admin/templates/admin/edit_inline_stacked.html (modified) (1 diff)
- django/trunk/django/contrib/admin/templates/admin/edit_inline_tabular.html (modified) (1 diff)
- django/trunk/django/contrib/admin/templates/admin/index.html (modified) (2 diffs)
- django/trunk/django/contrib/admin/templates/admin/invalid_setup.html (modified) (1 diff)
- django/trunk/django/contrib/admin/templates/admin/object_history.html (modified) (2 diffs)
- django/trunk/django/contrib/admin/templates/admin/pagination.html (modified) (1 diff)
- django/trunk/django/contrib/admin/templates/widget/foreign.html (modified) (1 diff)
- django/trunk/django/contrib/admin/templates/widget/one_to_one.html (modified) (1 diff)
- django/trunk/django/contrib/admin/templatetags/adminapplist.py (modified) (2 diffs)
- django/trunk/django/contrib/admin/templatetags/admin_list.py (modified) (5 diffs)
- django/trunk/django/contrib/admin/templatetags/admin_modify.py (modified) (5 diffs)
- django/trunk/django/contrib/admin/utils.py (modified) (2 diffs)
- django/trunk/django/contrib/admin/views/decorators.py (modified) (2 diffs)
- django/trunk/django/contrib/admin/views/doc.py (modified) (2 diffs)
- django/trunk/django/contrib/admin/views/main.py (modified) (8 diffs)
- django/trunk/django/contrib/csrf/middleware.py (modified) (2 diffs)
- django/trunk/django/contrib/databrowse/datastructures.py (modified) (6 diffs)
- django/trunk/django/contrib/databrowse/plugins/calendars.py (modified) (2 diffs)
- django/trunk/django/contrib/databrowse/plugins/fieldchoices.py (modified) (2 diffs)
- django/trunk/django/contrib/databrowse/sites.py (modified) (2 diffs)
- django/trunk/django/contrib/flatpages/views.py (modified) (2 diffs)
- django/trunk/django/contrib/humanize/templatetags/humanize.py (modified) (4 diffs)
- django/trunk/django/contrib/markup/templatetags/markup.py (modified) (4 diffs)
- django/trunk/django/contrib/markup/tests.py (modified) (2 diffs)
- django/trunk/django/contrib/sitemaps/templates/sitemap_index.xml (modified) (1 diff)
- django/trunk/django/contrib/sitemaps/templates/sitemap.xml (modified) (2 diffs)
- django/trunk/django/newforms/forms.py (modified) (4 diffs)
- django/trunk/django/newforms/util.py (modified) (3 diffs)
- django/trunk/django/newforms/widgets.py (modified) (14 diffs)
- django/trunk/django/oldforms/__init__.py (modified) (13 diffs)
- django/trunk/django/template/context.py (modified) (2 diffs)
- django/trunk/django/template/defaultfilters.py (modified) (48 diffs)
- django/trunk/django/template/defaulttags.py (modified) (4 diffs)
- django/trunk/django/template/__init__.py (modified) (11 diffs)
- django/trunk/django/utils/encoding.py (modified) (2 diffs)
- django/trunk/django/utils/html.py (modified) (5 diffs)
- django/trunk/django/utils/safestring.py (added)
- django/trunk/django/views/debug.py (modified) (14 diffs)
- django/trunk/docs/templates_python.txt (modified) (7 diffs)
- django/trunk/docs/templates.txt (modified) (7 diffs)
- django/trunk/tests/regressiontests/defaultfilters/tests.py (modified) (1 diff)
- django/trunk/tests/regressiontests/forms/forms.py (modified) (1 diff)
- django/trunk/tests/regressiontests/forms/tests.py (modified) (1 diff)
- django/trunk/tests/regressiontests/humanize/tests.py (modified) (2 diffs)
- django/trunk/tests/regressiontests/templates/filters.py (added)
- django/trunk/tests/regressiontests/templates/tests.py (modified) (5 diffs)
django/trunk/django/contrib/admin/filterspecs.py
r5609 r6671 10 10 from django.utils.encoding import smart_unicode, iri_to_uri 11 11 from django.utils.translation import ugettext as _ 12 from django.utils.html import escape 13 from django.utils.safestring import mark_safe 12 14 import datetime 13 15 … … 40 42 t = [] 41 43 if self.has_output(): 42 t.append(_(u'<h3>By %s:</h3>\n<ul>\n') % self.title())44 t.append(_(u'<h3>By %s:</h3>\n<ul>\n') % escape(self.title())) 43 45 44 46 for choice in self.choices(cl): … … 48 50 choice['display'])) 49 51 t.append('</ul>\n\n') 50 return "".join(t)52 return mark_safe("".join(t)) 51 53 52 54 class RelatedFilterSpec(FilterSpec): django/trunk/django/contrib/admin/models.py
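Review bot: `mark_safe("".join(t))` at new line 52 vouches for every fragment appended to `t`, but only the title at new line 44 is visibly escaped; the `choice['display']` argument at new line 50 appears to be interpolated as-is. The start of that `t.append(...)` call is outside the displayed context, so this is inferred. If the display text can come from field values or related-object names, wrap it the same way, `escape(choice['display'])`, before the joined list is marked safe. The method's opening lines are also outside the hunk.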
r5803 r6671 4 4 from django.utils.translation import ugettext_lazy as _ 5 5 from django.utils.encoding import smart_unicode 6 from django.utils.safestring import mark_safe 6 7 7 8 ADDITION = 1 … … 50 51 This is relative to the Django admin index page. 51 52 """ 52 return u"%s/%s/%s/" % (self.content_type.app_label, self.content_type.model, self.object_id)53 return mark_safe(u"%s/%s/%s/" % (self.content_type.app_label, self.content_type.model, self.object_id)) django/trunk/django/contrib/admin/templates/admin/base_site.html
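Review bot: `self.object_id` is formatted into the admin URL at new line 53 and the whole result is marked safe, so a stored key value containing `"`, `<` or `&` reaches the `href="{{ entry.get_admin_url }}"` attribute in admin/index.html without escaping. `app_label` and `model` are developer-defined, but the object id is stored data. Returning the plain string, `return u"%s/%s/%s/" % (...)`, lets autoescaping handle the attribute. If the safe marker is kept, the object id component should be quoted or escaped first.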
r3349 r6671 2 2 {% load i18n %} 3 3 4 {% block title %}{{ title |escape}} | {% trans 'Django site admin' %}{% endblock %}4 {% block title %}{{ title }} | {% trans 'Django site admin' %}{% endblock %} 5 5 6 6 {% block branding %} django/trunk/django/contrib/admin/templates/admin/change_form.html
r6391 r6671 11 11 <div class="breadcrumbs"> 12 12 <a href="../../../">{% trans "Home" %}</a> › 13 <a href="../">{{ opts.verbose_name_plural|capfirst |escape}}</a> ›14 {% if add %}{% trans "Add" %} {{ opts.verbose_name |escape }}{% else %}{{ original|truncatewords:"18"|escape}}{% endif %}13 <a href="../">{{ opts.verbose_name_plural|capfirst }}</a> › 14 {% if add %}{% trans "Add" %} {{ opts.verbose_name }}{% else %}{{ original|truncatewords:"18" }}{% endif %} 15 15 </div> 16 16 {% endif %}{% endblock %} django/trunk/django/contrib/admin/templates/admin/date_hierarchy.html
r3349 r6671 2 2 <div class="xfull"> 3 3 <ul class="toplinks"> 4 {% if back %}<li class="date-back"><a href="{{ back.link }}">‹ {{ back.title |escape}}</a></li>{% endif %}4 {% if back %}<li class="date-back"><a href="{{ back.link }}">‹ {{ back.title }}</a></li>{% endif %} 5 5 {% for choice in choices %} 6 <li> {% if choice.link %}<a href="{{ choice.link }}">{% endif %}{{ choice.title |escape}}{% if choice.link %}</a>{% endif %}</li>6 <li> {% if choice.link %}<a href="{{ choice.link }}">{% endif %}{{ choice.title }}{% if choice.link %}</a>{% endif %}</li> 7 7 {% endfor %} 8 8 </ul><br class="clear" /> django/trunk/django/contrib/admin/templates/admin/delete_confirmation.html
r6391 r6671 4 4 <div class="breadcrumbs"> 5 5 <a href="../../../../">{% trans "Home" %}</a> › 6 <a href="../../">{{ opts.verbose_name_plural|capfirst |escape}}</a> ›6 <a href="../../">{{ opts.verbose_name_plural|capfirst }}</a> › 7 7 <a href="../">{{ object|escape|truncatewords:"18" }}</a> › 8 8 {% trans 'Delete' %} … … 14 14 <ul> 15 15 {% for obj in perms_lacking %} 16 <li>{{ obj |escape}}</li>16 <li>{{ obj }}</li> 17 17 {% endfor %} 18 18 </ul> django/trunk/django/contrib/admin/templates/admin_doc/model_detail.html
r6391 r6671 9 9 {% endblock %} 10 10 11 {% block breadcrumbs %}<div class="breadcrumbs"><a href="../../../">Home</a> › <a href="../../">Documentation</a> › <a href="../">Models</a> › {{ name |escape}}</div>{% endblock %}11 {% block breadcrumbs %}<div class="breadcrumbs"><a href="../../../">Home</a> › <a href="../../">Documentation</a> › <a href="../">Models</a> › {{ name }}</div>{% endblock %} 12 12 13 {% block title %}Model: {{ name |escape}}{% endblock %}13 {% block title %}Model: {{ name }}{% endblock %} 14 14 15 15 {% block content %} 16 16 <div id="content-main"> 17 <h1>{{ summary |escape}}</h1>17 <h1>{{ summary }}</h1> 18 18 19 19 {% if description %} 20 <p>{% filter escape|linebreaksbr %}{% trans description %}{% endfilter %}</p>20 <p>{% filter linebreaksbr %}{% trans description %}{% endfilter %}</p> 21 21 {% endif %} 22 22 django/trunk/django/contrib/admin/templates/admin/edit_inline_stacked.html
r3349 r6671 2 2 <fieldset class="module aligned"> 3 3 {% for fcw in bound_related_object.form_field_collection_wrappers %} 4 <h2>{{ bound_related_object.relation.opts.verbose_name|capfirst |escape}} #{{ forloop.counter }}</h2>4 <h2>{{ bound_related_object.relation.opts.verbose_name|capfirst }} #{{ forloop.counter }}</h2> 5 5 {% if bound_related_object.show_url %}{% if fcw.obj.original %} 6 6 <p><a href="/r/{{ fcw.obj.original.content_type_id }}/{{ fcw.obj.original.id }}/">View on site</a></p> django/trunk/django/contrib/admin/templates/admin/edit_inline_tabular.html
r3571 r6671 1 1 {% load admin_modify %} 2 2 <fieldset class="module"> 3 <h2>{{ bound_related_object.relation.opts.verbose_name_plural|capfirst |escape}}</h2><table>3 <h2>{{ bound_related_object.relation.opts.verbose_name_plural|capfirst }}</h2><table> 4 4 <thead><tr> 5 5 {% for fw in bound_related_object.field_wrapper_list %} 6 6 {% if fw.needs_header %} 7 <th{{ fw.header_class_attribute }}>{{ fw.field.verbose_name|capfirst |escape}}</th>7 <th{{ fw.header_class_attribute }}>{{ fw.field.verbose_name|capfirst }}</th> 8 8 {% endif %} 9 9 {% endfor %} django/trunk/django/contrib/admin/templates/admin/index.html
r5935 r6671 20 20 <tr> 21 21 {% if model.perms.change %} 22 <th scope="row"><a href="{{ model.admin_url }}">{{ model.name |escape}}</a></th>22 <th scope="row"><a href="{{ model.admin_url }}">{{ model.name }}</a></th> 23 23 {% else %} 24 <th scope="row">{{ model.name |escape}}</th>24 <th scope="row">{{ model.name }}</th> 25 25 {% endif %} 26 26 … … 59 59 <ul class="actionlist"> 60 60 {% for entry in admin_log %} 61 <li class="{% if entry.is_addition %}addlink{% endif %}{% if entry.is_change %}changelink{% endif %}{% if entry.is_deletion %}deletelink{% endif %}">{% if not entry.is_deletion %}<a href="{{ entry.get_admin_url }}">{% endif %}{{ entry.object_repr|escape }}{% if not entry.is_deletion %}</a>{% endif %}<br /><span class="mini quiet">{% filter capfirst |escape%}{% trans entry.content_type.name %}{% endfilter %}</span></li>61 <li class="{% if entry.is_addition %}addlink{% endif %}{% if entry.is_change %}changelink{% endif %}{% if entry.is_deletion %}deletelink{% endif %}">{% if not entry.is_deletion %}<a href="{{ entry.get_admin_url }}">{% endif %}{{ entry.object_repr|escape }}{% if not entry.is_deletion %}</a>{% endif %}<br /><span class="mini quiet">{% filter capfirst %}{% trans entry.content_type.name %}{% endfilter %}</span></li> 62 62 {% endfor %} 63 63 </ul> django/trunk/django/contrib/admin/templates/admin/invalid_setup.html
r3349 r6671 2 2 {% load i18n %} 3 3 4 {% block breadcrumbs %}<div class="breadcrumbs"><a href="../../">{% trans 'Home' %}</a> › {{ title |escape}}</div>{% endblock %}4 {% block breadcrumbs %}<div class="breadcrumbs"><a href="../../">{% trans 'Home' %}</a> › {{ title }}</div>{% endblock %} 5 5 6 6 {% block content %} django/trunk/django/contrib/admin/templates/admin/object_history.html
r6391 r6671 2 2 {% load i18n %} 3 3 {% block breadcrumbs %} 4 <div class="breadcrumbs"><a href="../../../../">{% trans 'Home' %}</a> › <a href="../../">{{ module_name |escape }}</a> › <a href="../">{{ object|escape|truncatewords:"18" }}</a> › {% trans 'History' %}</div>4 <div class="breadcrumbs"><a href="../../../../">{% trans 'Home' %}</a> › <a href="../../">{{ module_name }}</a> › <a href="../">{{ object|truncatewords:"18" }}</a> › {% trans 'History' %}</div> 5 5 {% endblock %} 6 6 … … 24 24 <tr> 25 25 <th scope="row">{{ action.action_time|date:_("DATE_WITH_TIME_FULL") }}</th> 26 <td>{{ action.user.username }}{% if action.user.first_name %} ({{ action.user.first_name |escape }} {{ action.user.last_name|escape }}){% endif %}</td>27 <td>{{ action.change_message |escape}}</td>26 <td>{{ action.user.username }}{% if action.user.first_name %} ({{ action.user.first_name }} {{ action.user.last_name }}){% endif %}</td> 27 <td>{{ action.change_message }}</td> 28 28 </tr> 29 29 {% endfor %} django/trunk/django/contrib/admin/templates/admin/pagination.html
r3349 r6671 7 7 {% endfor %} 8 8 {% endif %} 9 {{ cl.result_count }} {% ifequal cl.result_count 1 %}{{ cl.opts.verbose_name|escape }}{% else %}{{ cl.opts.verbose_name_plural |escape}}{% endifequal %}9 {{ cl.result_count }} {% ifequal cl.result_count 1 %}{{ cl.opts.verbose_name|escape }}{% else %}{{ cl.opts.verbose_name_plural }}{% endifequal %} 10 10 {% if show_all_url %} <a href="{{ show_all_url }}" class="showall">{% trans 'Show all' %}</a>{% endif %} 11 11 </p> django/trunk/django/contrib/admin/templates/widget/foreign.html
r3352 r6671 16 16 {% endif %} 17 17 {% if bound_field.raw_id_admin %} 18 {% if bound_field.existing_display %} <strong>{{ bound_field.existing_display|truncatewords:"14" |escape}}</strong>{% endif %}18 {% if bound_field.existing_display %} <strong>{{ bound_field.existing_display|truncatewords:"14" }}</strong>{% endif %} 19 19 {% endif %} 20 20 {% endif %} django/trunk/django/contrib/admin/templates/widget/one_to_one.html
r3352 r6671 1 1 {% if add %}{% include "widget/foreign.html" %}{% endif %} 2 {% if change %}{% if bound_field.existing_display %} <strong>{{ bound_field.existing_display|truncatewords:"14" |escape}}</strong>{% endif %}{% endif %}2 {% if change %}{% if bound_field.existing_display %} <strong>{{ bound_field.existing_display|truncatewords:"14" }}</strong>{% endif %}{% endif %} django/trunk/django/contrib/admin/templatetags/adminapplist.py
r5609 r6671 2 2 from django.db.models import get_models 3 3 from django.utils.encoding import force_unicode 4 from django.utils.safestring import mark_safe 4 5 5 6 register = template.Library() … … 39 40 model_list.append({ 40 41 'name': force_unicode(capfirst(m._meta.verbose_name_plural)), 41 'admin_url': u'%s/%s/' % (force_unicode(app_label), m.__name__.lower()),42 'admin_url': mark_safe(u'%s/%s/' % (force_unicode(app_label), m.__name__.lower())), 42 43 'perms': perms, 43 44 }) django/trunk/django/contrib/admin/templatetags/admin_list.py
r5694 r6671 5 5 from django.db import models 6 6 from django.utils import dateformat 7 from django.utils.html import escape 7 from django.utils.html import escape, conditional_escape 8 8 from django.utils.text import capfirst 9 from django.utils.safestring import mark_safe 9 10 from django.utils.translation import get_date_formats, get_partial_date_formats, ugettext as _ 10 11 from django.utils.encoding import smart_unicode, smart_str, force_unicode … … 20 21 return u'... ' 21 22 elif i == cl.page_num: 22 return u'<span class="this-page">%d</span> ' % (i+1)23 return mark_safe(u'<span class="this-page">%d</span> ' % (i+1)) 23 24 else: 24 return u'<a href="%s"%s>%d</a> ' % (cl.get_query_string({PAGE_VAR: i}), (i == cl.paginator.pages-1 and ' class="end"' or ''), i+1)25 return mark_safe(u'<a href="%s"%s>%d</a> ' % (cl.get_query_string({PAGE_VAR: i}), (i == cl.paginator.pages-1 and ' class="end"' or ''), i+1)) 25 26 paginator_number = register.simple_tag(paginator_number) 26 27 … … 118 119 def _boolean_icon(field_val): 119 120 BOOLEAN_MAPPING = {True: 'yes', False: 'no', None: 'unknown'} 120 return u'<img src="%simg/admin/icon-%s.gif" alt="%s" />' % (settings.ADMIN_MEDIA_PREFIX, BOOLEAN_MAPPING[field_val], field_val)121 return mark_safe(u'<img src="%simg/admin/icon-%s.gif" alt="%s" />' % (settings.ADMIN_MEDIA_PREFIX, BOOLEAN_MAPPING[field_val], field_val)) 121 122 122 123 def items_for_result(cl, result): … … 194 195 # Problem cases are long ints (23L) and non-ASCII strings. 
195 196 result_id = repr(force_unicode(getattr(result, pk)))[1:] 196 yield (u'<%s%s><a href="%s"%s>%s</a></%s>' % \197 (table_tag, row_class, url, (cl.is_popup and ' onclick="opener.dismissRelatedLookupPopup(window, %s); return false;"' % result_id or ''), result_repr, table_tag))198 else: 199 yield (u'<td%s>%s</td>' % (row_class, result_repr))197 yield mark_safe(u'<%s%s><a href="%s"%s>%s</a></%s>' % \ 198 (table_tag, row_class, url, (cl.is_popup and ' onclick="opener.dismissRelatedLookupPopup(window, %s); return false;"' % result_id or ''), conditional_escape(result_repr), table_tag)) 199 else: 200 yield mark_safe(u'<td%s>%s</td>' % (row_class, conditional_escape(result_repr))) 200 201 201 202 def results(cl): … … 221 222 year_month_format, month_day_format = get_partial_date_formats() 222 223 223 link = lambda d: cl.get_query_string(d, [field_generic])224 link = lambda d: mark_safe(cl.get_query_string(d, [field_generic])) 224 225 225 226 if year_lookup and month_lookup and day_lookup: django/trunk/django/contrib/admin/templatetags/admin_modify.py
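Review bot: The link row at new lines 197-198 is marked safe as a whole, yet only `result_repr` goes through `conditional_escape`; `url` and the `result_id` placed inside the `onclick="..."` attribute are interpolated raw. `result_id` is `repr(force_unicode(getattr(result, pk)))[1:]`, so a string primary key containing `"` would end the attribute early. Escaping the attribute value before formatting, for example `escape(result_id)` (`escape` is already imported at new line 7), keeps the `mark_safe` claim true. Where `url` is built lies outside the hunk, so whether it is already quoted cannot be confirmed from here.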
r6399 r6671 4 4 from django.utils.text import capfirst 5 5 from django.utils.encoding import force_unicode 6 from django.utils.safestring import mark_safe 7 from django.utils.html import escape 6 8 from django.db import models 7 9 from django.db.models.fields import Field … … 33 35 if not absolute_url_re.match(script_path): 34 36 script_path = '%s%s' % (settings.ADMIN_MEDIA_PREFIX, script_path) 35 return u'<script type="text/javascript" src="%s"></script>' % script_path 37 return mark_safe(u'<script type="text/javascript" src="%s"></script>' 38 % script_path) 36 39 include_admin_script = register.simple_tag(include_admin_script) 37 40 … … 64 67 colon = ":" 65 68 class_str = class_names and u' class="%s"' % u' '.join(class_names) or u'' 66 return u'<label for="%s"%s>%s%s</label> ' % (bound_field.element_id, class_str, \ 67 force_unicode(capfirst(bound_field.field.verbose_name)), colon) 69 return mark_safe(u'<label for="%s"%s>%s%s</label> ' % 70 (bound_field.element_id, class_str, 71 escape(force_unicode(capfirst(bound_field.field.verbose_name))), 72 colon)) 68 73 field_label = register.simple_tag(field_label) 69 74 … … 194 199 ' if(!e._changed) { e.value = URLify(%s, %s);} }; ' % ( 195 200 f, field.name, add_values, field.max_length)) 196 return u''.join(t)201 return mark_safe(u''.join(t)) 197 202 auto_populated_field_script = register.simple_tag(auto_populated_field_script) 198 203 … … 200 205 f = bound_field.field 201 206 if f.rel and isinstance(f.rel, models.ManyToManyRel) and f.rel.filter_interface: 202 return u'<script type="text/javascript">addEvent(window, "load", function(e) {' \207 return mark_safe(u'<script type="text/javascript">addEvent(window, "load", function(e) {' \ 203 208 ' SelectFilter.init("id_%s", "%s", %s, "%s"); });</script>\n' % ( 204 f.name, f.verbose_name.replace('"', '\\"'), f.rel.filter_interface-1, settings.ADMIN_MEDIA_PREFIX)209 f.name, escape(f.verbose_name.replace('"', '\\"')), f.rel.filter_interface-1, settings.ADMIN_MEDIA_PREFIX)) 
205 210 else: 206 211 return '' django/trunk/django/contrib/admin/utils.py
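Review bot: `escape(f.verbose_name.replace('"', '\\"'))` at new line 209 applies HTML escaping to a value that lands inside a JavaScript string literal within a `<script>` element, where character references are not decoded. A verbose name containing `&` or a quote would be displayed with literal entity text, and a backslash in the name still passes through to the string literal unescaped. This position needs JavaScript-string escaping (backslash, quotes, line breaks, and `<` so the element cannot be closed early) rather than `escape()`. The enclosing function starts above the hunk.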
r4265 r6671 4 4 from email.Parser import HeaderParser 5 5 from email.Errors import HeaderParseError 6 from django.utils.safestring import mark_safe 6 7 try: 7 8 import docutils.core … … 67 68 destination_path=None, writer_name='html', 68 69 settings_overrides=overrides) 69 return parts['fragment']70 return mark_safe(parts['fragment']) 70 71 71 72 # django/trunk/django/contrib/admin/views/decorators.py
r5609 r6671 5 5 from django.shortcuts import render_to_response 6 6 from django.utils.translation import ugettext_lazy, ugettext as _ 7 from django.utils.safestring import mark_safe 7 8 import base64, datetime, md5 8 9 import cPickle as pickle … … 23 24 return render_to_response('admin/login.html', { 24 25 'title': _('Log in'), 25 'app_path': request.path,26 'app_path': mark_safe(request.path), 26 27 'post_data': post_data, 27 28 'error_message': error_message django/trunk/django/contrib/admin/views/doc.py
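Review bot: `mark_safe(request.path)` at new line 26 declares a client-supplied value trusted, so `app_path` bypasses autoescaping wherever admin/login.html prints it. The request path is chosen by whoever constructs the link, so it should go through the template's normal escaping: `'app_path': request.path,`. The same pattern appears in views/doc.py at new line 33, where `request.get_host()` and a slice of `request.path` are formatted into `admin_url` and then marked safe. Neither template is shown in this changeset, so how the values are rendered is not confirmed here.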
r6296 r6671 11 11 from django.contrib.sites.models import Site 12 12 from django.utils.translation import ugettext as _ 13 from django.utils.safestring import mark_safe 13 14 import inspect, os, re 14 15 … … 30 31 admin_root = request.path[:-len('doc/bookmarklets/')] 31 32 return render_to_response('admin_doc/bookmarklets.html', { 32 'admin_url': "%s://%s%s" % (request.is_secure() and 'https' or 'http', request.get_host(), admin_root),33 'admin_url': mark_safe("%s://%s%s" % (request.is_secure() and 'https' or 'http', request.get_host(), admin_root)), 33 34 }, context_instance=RequestContext(request)) 34 35 bookmarklets = staff_member_required(bookmarklets) django/trunk/django/contrib/admin/views/main.py
r6360 r6671 15 15 from django.utils.encoding import force_unicode, smart_str 16 16 from django.utils.translation import ugettext as _ 17 from django.utils.safestring import mark_safe 17 18 import operator 18 19 … … 137 138 138 139 if field.rel: 139 self.related_url = u'../../../%s/%s/' % (field.rel.to._meta.app_label, field.rel.to._meta.object_name.lower()) 140 self.related_url = mark_safe(u'../../../%s/%s/' 141 % (field.rel.to._meta.app_label, 142 field.rel.to._meta.object_name.lower())) 140 143 141 144 def original_value(self): … … 217 220 'ordered_objects': ordered_objects, 218 221 'inline_related_objects': inline_related_objects, 219 'form_url': form_url,222 'form_url': mark_safe(form_url), 220 223 'opts': opts, 221 224 'content_type_id': ContentType.objects.get_for_model(model).id, … … 437 440 # Don't display link to edit, because it either has no 438 441 # admin or is edited inline. 439 nh(deleted_objects, current_depth, [ u'%s: %s' % (force_unicode(capfirst(related.opts.verbose_name)), sub_obj), []])442 nh(deleted_objects, current_depth, [mark_safe(u'%s: %s' % (force_unicode(capfirst(related.opts.verbose_name)), sub_obj)), []]) 440 443 else: 441 444 # Display a link to the admin page. 442 nh(deleted_objects, current_depth, [u'%s: <a href="../../../../%s/%s/%s/">%s</a>' % \ 443 (force_unicode(capfirst(related.opts.verbose_name)), related.opts.app_label, related.opts.object_name.lower(), 444 sub_obj._get_pk_val(), sub_obj), []]) 445 nh(deleted_objects, current_depth, [mark_safe(u'%s: <a href="../../../../%s/%s/%s/">%s</a>' % 446 (escape(force_unicode(capfirst(related.opts.verbose_name))), 447 related.opts.app_label, 448 related.opts.object_name.lower(), 449 sub_obj._get_pk_val(), sub_obj)), []]) 445 450 _get_deleted_objects(deleted_objects, perms_needed, user, sub_obj, related.opts, current_depth+2) 446 451 else: … … 454 459 else: 455 460 # Display a link to the admin page. 
456 nh(deleted_objects, current_depth, [ u'%s: <a href="../../../../%s/%s/%s/">%s</a>' % \457 ( force_unicode(capfirst(related.opts.verbose_name)), related.opts.app_label, related.opts.object_name.lower(), sub_obj._get_pk_val(), escape(sub_obj)), []])461 nh(deleted_objects, current_depth, [mark_safe(u'%s: <a href="../../../../%s/%s/%s/">%s</a>' % \ 462 (escape(force_unicode(capfirst(related.opts.verbose_name))), related.opts.app_label, related.opts.object_name.lower(), sub_obj._get_pk_val(), escape(sub_obj))), []]) 458 463 _get_deleted_objects(deleted_objects, perms_needed, user, sub_obj, related.opts, current_depth+2) 459 464 # If there were related objects, and the user doesn't have … … 486 491 # Display a link to the admin page. 487 492 nh(deleted_objects, current_depth, [ 488 (_('One or more %(fieldname)s in %(name)s:') % {'fieldname': force_unicode(related.field.verbose_name), 'name': force_unicode(related.opts.verbose_name)}) + \493 mark_safe((_('One or more %(fieldname)s in %(name)s:') % {'fieldname': escape(force_unicode(related.field.verbose_name)), 'name': escape(force_unicode(related.opts.verbose_name))}) + \ 489 494 (u' <a href="../../../../%s/%s/%s/">%s</a>' % \ 490 (related.opts.app_label, related.opts.module_name, sub_obj._get_pk_val(), escape(sub_obj))) , []])495 (related.opts.app_label, related.opts.module_name, sub_obj._get_pk_val(), escape(sub_obj)))), []]) 491 496 # If there were related objects, and the user doesn't have 492 497 # permission to change them, add the missing perm to perms_needed. … … 508 513 # Populate deleted_objects, a data structure of all related objects that 509 514 # will also be deleted. 
510 deleted_objects = [ u'%s: <a href="../../%s/">%s</a>' % (force_unicode(capfirst(opts.verbose_name)), force_unicode(object_id), escape(obj)), []]515 deleted_objects = [mark_safe(u'%s: <a href="../../%s/">%s</a>' % (escape(force_unicode(capfirst(opts.verbose_name))), force_unicode(object_id), escape(obj))), []] 511 516 perms_needed = set() 512 517 _get_deleted_objects(deleted_objects, perms_needed, request.user, obj, opts, 1) … … 605 610 elif v is not None: 606 611 p[k] = v 607 return '?' + '&'.join([u'%s=%s' % (k, v) for k, v in p.items()]).replace(' ', '%20')612 return mark_safe('?' + '&'.join([u'%s=%s' % (k, v) for k, v in p.items()]).replace(' ', '%20')) 608 613 609 614 def get_results(self, request): django/trunk/django/contrib/csrf/middleware.py
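Review bot: Two of the `mark_safe` calls in `_get_deleted_objects` wrap an unescaped object representation: new line 442 formats `sub_obj` and the verbose name with no `escape` at all, and new line 449 escapes the verbose name but passes `sub_obj` bare, while the sibling branches at new lines 462 and 495 use `escape(sub_obj)`. Since `sub_obj` is rendered through its string form, stored data would be emitted as markup in the delete confirmation list. Use `escape(sub_obj)` and `escape(force_unicode(capfirst(related.opts.verbose_name)))` in both places. Separately, `get_query_string` at new line 612 marks `'?' + '&'.join(...)` safe without quoting `k` and `v`. Where `p` is filled is outside the hunk, but if it holds request parameters they need URL-quoting before the result is marked safe.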
r6038 r6671 8 8 from django.conf import settings 9 9 from django.http import HttpResponseForbidden 10 from django.utils.safestring import mark_safe 10 11 import md5 11 12 import re 12 13 import itertools 13 14 14 _ERROR_MSG = '<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"><body><h1>403 Forbidden</h1><p>Cross Site Request Forgery detected. Request aborted.</p></body></html>'15 _ERROR_MSG = mark_safe('<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"><body><h1>403 Forbidden</h1><p>Cross Site Request Forgery detected. Request aborted.</p></body></html>') 15 16 16 17 _POST_FORM_RE = \ … … 83 84 def add_csrf_field(match): 84 85 """Returns the matched <form> tag plus the added <input> element""" 85 return ma tch.group() + "<div style='display:none;'>" + \86 return mark_safe(match.group() + "<div style='display:none;'>" + \ 86 87 "<input type='hidden' " + idattributes.next() + \ 87 88 " name='csrfmiddlewaretoken' value='" + csrf_token + \ 88 "' /></div>" 89 "' /></div>") 89 90 90 91 # Modify any POST forms django/trunk/django/contrib/databrowse/datastructures.py
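Review bot: `mark_safe` on `_ERROR_MSG` (new line 15) and on the return value of `add_csrf_field` (new lines 86-89) looks like a no-op, because the safe marker only matters when a value is rendered through a template variable. The callback's result appears to feed a regular-expression substitution (the `# Modify any POST forms` code continues outside the hunk), which produces an ordinary string. If neither value reaches a template, dropping the wrappers and the new import avoids implying that this output was reviewed for escaping.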
r5947 r6671 9 9 from django.utils.translation import get_date_formats 10 10 from django.utils.encoding import smart_unicode, smart_str, iri_to_uri 11 from django.utils.safestring import mark_safe 11 12 from django.db.models.query import QuerySet 12 13 … … 29 30 30 31 def url(self): 31 return '%s%s/%s/' % (self.site.root_url, self.model._meta.app_label, self.model._meta.module_name)32 return mark_safe('%s%s/%s/' % (self.site.root_url, self.model._meta.app_label, self.model._meta.module_name)) 32 33 33 34 def objects(self, **kwargs): … … 69 70 def url(self): 70 71 if self.field.choices: 71 return '%s%s/%s/%s/' % (self.model.site.root_url, self.model.model._meta.app_label, self.model.model._meta.module_name, self.field.name)72 return mark_safe('%s%s/%s/%s/' % (self.model.site.root_url, self.model.model._meta.app_label, self.model.model._meta.module_name, self.field.name)) 72 73 elif self.field.rel: 73 return '%s%s/%s/' % (self.model.site.root_url, self.model.model._meta.app_label, self.model.model._meta.module_name)74 return mark_safe('%s%s/%s/' % (self.model.site.root_url, self.model.model._meta.app_label, self.model.model._meta.module_name)) 74 75 75 76 class EasyChoice(object): … … 82 83 83 84 def url(self): 84 return '%s%s/%s/%s/%s/' % (self.model.site.root_url, self.model.model._meta.app_label, self.model.model._meta.module_name, self.field.field.name, iri_to_uri(self.value))85 return mark_safe('%s%s/%s/%s/%s/' % (self.model.site.root_url, self.model.model._meta.app_label, self.model.model._meta.module_name, self.field.field.name, iri_to_uri(self.value))) 85 86 86 87 class EasyInstance(object): … … 185 186 lst = [] 186 187 for value in self.values(): 187 url = '%s%s/%s/objects/%s/' % (self.model.site.root_url, m.model._meta.app_label, m.model._meta.module_name, iri_to_uri(value._get_pk_val()))188 url = mark_safe('%s%s/%s/objects/%s/' % (self.model.site.root_url, m.model._meta.app_label, m.model._meta.module_name, iri_to_uri(value._get_pk_val()))) 188 189 
lst.append((smart_unicode(value), url)) 189 190 else: … … 192 193 lst = [] 193 194 for value in self.values(): 194 url = '%s%s/%s/fields/%s/%s/' % (self.model.site.root_url, self.model.model._meta.app_label, self.model.model._meta.module_name, self.field.name, iri_to_uri(self.raw_value))195 url = mark_safe('%s%s/%s/fields/%s/%s/' % (self.model.site.root_url, self.model.model._meta.app_label, self.model.model._meta.module_name, self.field.name, iri_to_uri(self.raw_value))) 195 196 lst.append((value, url)) 196 197 elif isinstance(self.field, models.URLField): django/trunk/django/contrib/databrowse/plugins/calendars.py
r5947 r6671 6 6 from django.utils.text import capfirst 7 7 from django.utils.translation import get_date_formats 8 from django.utils.encoding import force_unicode 9 from django.utils.safestring import mark_safe 8 10 from django.views.generic import date_based 9 from django.utils.encoding import force_unicode10 11 import datetime 11 12 import time … … 30 31 if not fields: 31 32 return u'' 32 return u'<p class="filter"><strong>View calendar by:</strong> %s</p>' % \33 u', '.join(['<a href="calendars/%s/">%s</a>' % (f.name, force_unicode(capfirst(f.verbose_name))) for f in fields.values()]) 33 return mark_safe(u'<p class="filter"><strong>View calendar by:</strong> %s</p>' % \ 34 u', '.join(['<a href="calendars/%s/">%s</a>' % (f.name, force_unicode(capfirst(f.verbose_name))) for f in fields.values()])) 34 35 35 36 def urls(self, plugin_name, easy_instance_field): 36 37 if isinstance(easy_instance_field.field, models.DateField): 37 return [u'%s%s/%s/%s/%s/%s/' % (easy_instance_field.model.url(), 38 return [mark_safe(u'%s%s/%s/%s/%s/%s/' % ( 39 easy_instance_field.model.url(), 38 40 plugin_name, easy_instance_field.field.name, 39 41 easy_instance_field.raw_value.year, 40 42 easy_instance_field.raw_value.strftime('%b').lower(), 41 easy_instance_field.raw_value.day) ]43 easy_instance_field.raw_value.day))] 42 44 43 45 def model_view(self, request, model_databrowse, url): django/trunk/django/contrib/databrowse/plugins/fieldchoices.py
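Review bot: The calendar link list at new lines 33-34 is marked safe, but `force_unicode(capfirst(f.verbose_name))` is placed inside the `<a>` element without escaping, whereas the admin code in this changeset wraps verbose names in `escape(...)` before marking the result safe. Verbose names are normally developer-defined, so this is mainly a consistency and correctness point: a name containing `&` or `<` yields broken markup. Suggested: add `from django.utils.html import escape` and use `escape(force_unicode(capfirst(f.verbose_name)))`. plugins/fieldchoices.py has the same construct at new lines 36-37.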
r5876 r6671 6 6 from django.utils.text import capfirst 7 7 from django.utils.encoding import smart_str, force_unicode 8 from django.utils.safestring import mark_safe 8 9 from django.views.generic import date_based 9 10 import datetime … … 33 34 if not fields: 34 35 return u'' 35 return u'<p class="filter"><strong>View by:</strong> %s</p>' % \36 u', '.join(['<a href="fields/%s/">%s</a>' % (f.name, force_unicode(capfirst(f.verbose_name))) for f in fields.values()]) 36 return mark_safe(u'<p class="filter"><strong>View by:</strong> %s</p>' % \ 37 u', '.join(['<a href="fields/%s/">%s</a>' % (f.name, force_unicode(capfirst(f.verbose_name))) for f in fields.values()])) 37 38 38 39 def urls(self, plugin_name, easy_instance_field): 39 40 if easy_instance_field.field in self.field_dict(easy_instance_field.model.model).values(): 40 41 field_value = smart_str(easy_instance_field.raw_value) 41 return [u'%s%s/%s/%s/' % (easy_instance_field.model.url(), 42 return [mark_safe(u'%s%s/%s/%s/' % ( 43 easy_instance_field.model.url(), 42 44 plugin_name, easy_instance_field.field.name, 43 urllib.quote(field_value, safe='')) ]45 urllib.quote(field_value, safe='')))] 44 46 45 47 def model_view(self, request, model_databrowse, url): django/trunk/django/contrib/databrowse/sites.py
r5876 r6671 3 3 from django.contrib.databrowse.datastructures import EasyModel, EasyChoice 4 4 from django.shortcuts import render_to_response 5 from django.utils.safestring import mark_safe 5 6 6 7 class AlreadyRegistered(Exception): … … 61 62 def main_view(self, request): 62 63 easy_model = EasyModel(self.site, self.model) 63 html_snippets = u'\n'.join([p.model_index_html(request, self.model, self.site) for p in self.plugins.values()])64 html_snippets = mark_safe(u'\n'.join([p.model_index_html(request, self.model, self.site) for p in self.plugins.values()])) 64 65 return render_to_response('databrowse/model_detail.html', { 65 66 'model': easy_model, django/trunk/django/contrib/flatpages/views.py
