Ticket #11502: admin_querysting_escaping.diff
File admin_querysting_escaping.diff, 1.2 KB (added by , 15 years ago) |
django/contrib/admin/templatetags/admin_list.py
22 22 elif i == cl.page_num: 23 23 return mark_safe(u'<span class="this-page">%d</span> ' % (i+1)) 24 24 else: 25 return mark_safe(u'<a href="%s"%s>%d</a> ' % ( cl.get_query_string({PAGE_VAR: i}), (i == cl.paginator.num_pages-1 and ' class="end"' or ''), i+1))25 return mark_safe(u'<a href="%s"%s>%d</a> ' % (escape(cl.get_query_string({PAGE_VAR: i})), (i == cl.paginator.num_pages-1 and ' class="end"' or ''), i+1)) 26 26 paginator_number = register.simple_tag(paginator_number) 27 27 28 28 def pagination(cl): … … 265 265 day_lookup = cl.params.get(day_field) 266 266 year_month_format, month_day_format = get_partial_date_formats() 267 267 268 link = lambda d: mark_safe(cl.get_query_string(d, [field_generic]))268 link = lambda d: cl.get_query_string(d, [field_generic]) 269 269 270 270 if year_lookup and month_lookup and day_lookup: 271 271 day = datetime.date(int(year_lookup), int(month_lookup), int(day_lookup))
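Review bot: Both changes only help if `cl.get_query_string()` returns a plain, unmarked string, and that method is not part of this patch. In `paginator_number` the new `escape(...)` call escapes unconditionally, so if the helper already joins parameters with `&amp;` the href would come out double-encoded; in the date-hierarchy hunk, dropping `mark_safe` from the `link` lambda changes nothing if the helper itself returns a safe string, because template autoescaping skips safe strings. I would confirm that the helper returns a URL-encoded, non-safe string and record that next to both call sites, e.g. `# get_query_string() returns an unescaped string; HTML-escaping happens here`. A regression test that renders the paginator and the date hierarchy with `&`, `"` and `<` in a query parameter would pin this down. Both enclosing functions start and end outside the visible hunks.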