Code

Ticket #11502: admin_querysting_escaping.diff

File admin_querysting_escaping.diff, 1.2 KB (added by anonymous, 5 years ago)
Line 
1Index: django/contrib/admin/templatetags/admin_list.py
2===================================================================
3--- django/contrib/admin/templatetags/admin_list.py     (wersja 11268)
4+++ django/contrib/admin/templatetags/admin_list.py     (kopia robocza)
5@@ -22,7 +22,7 @@
6     elif i == cl.page_num:
7         return mark_safe(u'<span class="this-page">%d</span> ' % (i+1))
8     else:
9-        return mark_safe(u'<a href="%s"%s>%d</a> ' % (cl.get_query_string({PAGE_VAR: i}), (i == cl.paginator.num_pages-1 and ' class="end"' or ''), i+1))
10+        return mark_safe(u'<a href="%s"%s>%d</a> ' % (escape(cl.get_query_string({PAGE_VAR: i})), (i == cl.paginator.num_pages-1 and ' class="end"' or ''), i+1))
11 paginator_number = register.simple_tag(paginator_number)
12 
13 def pagination(cl):
14@@ -265,7 +265,7 @@
15         day_lookup = cl.params.get(day_field)
16         year_month_format, month_day_format = get_partial_date_formats()
17 
18-        link = lambda d: mark_safe(cl.get_query_string(d, [field_generic]))
19+        link = lambda d: cl.get_query_string(d, [field_generic])
20 
21         if year_lookup and month_lookup and day_lookup:
22             day = datetime.date(int(year_lookup), int(month_lookup), int(day_lookup))