Ticket #11502: admin_querysting_escaping.diff

File admin_querysting_escaping.diff, 1.2 KB (added by anonymous, 6 years ago)
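--- a/django/contrib/admin/templatetags/admin_list.py
+++ b/django/contrib/admin/templatetags/admin_list.py
@@ -22,7 +22,7 @@
     elif i == cl.page_num:
         return mark_safe(u'<span class="this-page">%d</span> ' % (i+1))
     else:
-        return mark_safe(u'<a href="%s"%s>%d</a> ' % (cl.get_query_string({PAGE_VAR: i}), (i == cl.paginator.num_pages-1 and ' class="end"' or ''), i+1))
+        return mark_safe(u'<a href="%s"%s>%d</a> ' % (escape(cl.get_query_string({PAGE_VAR: i})), (i == cl.paginator.num_pages-1 and ' class="end"' or ''), i+1))
 paginator_number = register.simple_tag(paginator_number)
 
 def pagination(cl):
@@ -265,7 +265,7 @@
         day_lookup = cl.params.get(day_field)
         year_month_format, month_day_format = get_partial_date_formats()
 
-        link = lambda d: mark_safe(cl.get_query_string(d, [field_generic]))
+        link = lambda d: cl.get_query_string(d, [field_generic])
 
         if year_lookup and month_lookup and day_lookup:
             day = datetime.date(int(year_lookup), int(month_lookup), int(day_lookup))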
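Review bot: The second hunk's `link = lambda d: cl.get_query_string(d, [field_generic])` protects the date-hierarchy links only if every place they are rendered is autoescaped, whereas the first hunk escapes explicitly where the markup is built; the rendering template and the rest of this function are outside the hunk, so that assumption cannot be checked here. Using the same treatment, `link = lambda d: escape(cl.get_query_string(d, [field_generic]))`, would keep both call sites consistent and independent of template settings (Django's `escape` returns a safe string, so the template would not escape it a second time). The first hunk also needs `escape` to be imported in this module, which the diff does not show. A regression test that requests the changelist with a parameter value containing `"` and `<` and asserts that both the pagination and date-hierarchy hrefs come back HTML-escaped would pin the fix.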