Code

Ticket #11252: django_admin_pagination_escape.patch

File django_admin_pagination_escape.patch, 788 bytes (added by daemondazz, 5 years ago)

Updated patch using escape()

  • django/contrib/admin/templatetags/admin_list.py

     
    2222    elif i == cl.page_num: 
    2323        return mark_safe(u'<span class="this-page">%d</span> ' % (i+1)) 
    2424    else: 
    25         return mark_safe(u'<a href="%s"%s>%d</a> ' % (cl.get_query_string({PAGE_VAR: i}), (i == cl.paginator.num_pages-1 and ' class="end"' or ''), i+1)) 
     25        return mark_safe(u'<a href="%s"%s>%d</a> ' % (escape(cl.get_query_string({PAGE_VAR: i})), (i == cl.paginator.num_pages-1 and ' class="end"' or ''), i+1)) 
    2626paginator_number = register.simple_tag(paginator_number) 
    2727 
    2828def pagination(cl):