Django

Code

Ticket #4074 (closed: fixed)

Opened 1 year ago

Last modified 2 months ago

admin interface filter.html does not encode url attributes properly

Reported by: tony.perkins@travelocity.com Assigned to: nobody
Milestone: Component: Admin interface
Version: newforms-admin Keywords: ampersand filter
Cc: robert@exoweb.net Triage Stage: Ready for checkin
Has patch: 1 Needs documentation: 0
Needs tests: 0 Patch needs improvement: 0

Description

If you filter on a field that has a value that includes an ampersand when selecting that value to filter on it does not work.

The output of filter.html for an example 

<li>
    <a href="?title=Escapade%20-%20Adult%20Kayak%20&amp;%20Snorkel,%20Northwest%20Maui">Escapade - Adult Kayak &amp; Snorkel, Northwest Maui</a></li>

I tried using the urlencode filter, but it encodes the ? as well which causes it to fail also.

<a href="{{ choice.query_string|urlencode }}">{{ choice.display|escape }}</a></li>

If I change the following it works. I know this is not the right place.

In filter.html change

<a href="{{ choice.query_string }}">{{ choice.display|escape }}</a></li>

to

<a href="{{ choice.query_string|fix_ampersands }}">{{ choice.display|escape }}</a></li>

in html.py change 

def fix_ampersands(value):
    "Returns the given HTML with all unencoded ampersands encoded correctly"
    return unencoded_ampersands_re.sub('&amp;', value)

to 

  def fix_ampersands(value):
    "Returns the given HTML with all unencoded ampersands encoded correctly"
    return unencoded_ampersands_re.sub('%26', value)

Attachments

django-4074-admin-querystring-quote.patch (0.8 kB) - added by Robert Bunting on 07/16/07 05:28:12.
One way to patch it - saves lots of potential problems with the query string
django-4074-admin-querystring-quote2.patch (0.8 kB) - added by Robert Bunting on 07/16/07 05:31:20.
better unicode version
4074.diff (1.2 kB) - added by SmileyChris on 01/03/08 03:20:24.
4074-nfa.diff (1.1 kB) - added by Karen Tracey <kmtracey@gmail.com> on 06/30/08 09:47:19.
Same patch, only against newforms-admin

Change History

06/07/07 16:55:23 changed by adrian

  • needs_better_patch changed.
  • version changed from new-admin to SVN.
  • needs_tests changed.
  • needs_docs changed.

07/16/07 05:28:12 changed by Robert Bunting

  • attachment django-4074-admin-querystring-quote.patch added.

One way to patch it - saves lots of potential problems with the query string

07/16/07 05:31:20 changed by Robert Bunting

  • attachment django-4074-admin-querystring-quote2.patch added.

better unicode version

07/16/07 05:33:17 changed by Robert Bunting

  • has_patch set to 1.

Not sure if this would be acceptable, but it's a patch which will make sure the querystring is more useable everywhere. It solves '&', and also a problem I have been having with '>' (which when used in another form confuses the CSRF substitution regexp!)

07/16/07 21:37:43 changed by anonymous

  • cc set to robert@exoweb.net.

01/03/08 02:21:01 changed by SmileyChris

  • needs_better_patch set to 1.
  • summary changed from admin interface filter.html does not encode & properly to admin interface filter.html does not encode url attributes properly.
  • stage changed from Unreviewed to Accepted.

01/03/08 03:20:24 changed by SmileyChris

  • attachment 4074.diff added.

01/03/08 03:22:29 changed by SmileyChris

  • needs_better_patch deleted.
  • stage changed from Accepted to Ready for checkin.

New patch (against SVN trunk, not newforms-admin branch) which fixes the issue at the core. I also added a small optimization.

The code in question hasn't changed in newforms, it may as well be fixed on trunk, yes?

06/30/08 05:17:49 changed by mtredinnick

  • version changed from SVN to newforms-admin.
  • stage changed from Ready for checkin to Accepted.

Not worth fixing on trunk, since newforms-admin is so close. Pushing to the newforms-admin branch, though, so they can check it's been fixed over there.

06/30/08 09:47:19 changed by Karen Tracey <kmtracey@gmail.com>

  • attachment 4074-nfa.diff added.

Same patch, only against newforms-admin

06/30/08 09:49:22 changed by Karen Tracey <kmtracey@gmail.com>

  • stage changed from Accepted to Ready for checkin.

No, it hasn't been fixed in newforms-admin. Verified the problem and that the patch (rebased since the trunk version would not apply) fixes it.

06/30/08 12:38:13 changed by brosner

  • status changed from new to closed.
  • resolution set to fixed.

(In [7810]) newforms-admin: Fixed #4074 -- Properly urlencode the ChangeList? query string when the value has an ampersand. Thanks Tony Perkins and SmileyChris?.

Add/Change #4074 (admin interface filter.html does not encode url attributes properly)




Change Properties
Action