Context Navigation

Back to Ticket #2359

Ticket #2359: 03-admin-changes.diff

File 03-admin-changes.diff, 36.9 KB (added by Malcolm Tredinnick, 18 years ago)
Changes to contrib/admin/

django/contrib/admin/filterspecs.py

Changes to admin app to make it use autoescaping.

From:  <>


---

 django/contrib/admin/filterspecs.py                |    3 ++-
 django/contrib/admin/models.py                     |    3 ++-
 django/contrib/admin/templates/admin/base.html     |   10 +++++---
 .../contrib/admin/templates/admin/base_site.html   |    2 +-
 .../contrib/admin/templates/admin/change_form.html |    4 ++--
 .../contrib/admin/templates/admin/change_list.html |    2 +-
 .../admin/templates/admin/date_hierarchy.html      |    4 ++--
 .../admin/templates/admin/delete_confirmation.html |    4 ++--
 .../admin/templates/admin/edit_inline_stacked.html |    2 +-
 .../admin/templates/admin/edit_inline_tabular.html |    4 ++--
 django/contrib/admin/templates/admin/filter.html   |    2 +-
 django/contrib/admin/templates/admin/index.html    |    6 +++--
 .../admin/templates/admin/invalid_setup.html       |    2 +-
 .../admin/templates/admin/object_history.html      |    6 +++---
 .../contrib/admin/templates/admin/pagination.html  |    2 +-
 .../contrib/admin/templates/admin/search_form.html |    4 ++--
 .../admin/templates/admin_doc/model_detail.html    |   10 +++++-----
 .../admin/templates/admin_doc/template_detail.html |   10 +++++-----
 .../admin/templates/admin_doc/view_detail.html     |    2 +-
 django/contrib/admin/templates/widget/foreign.html |    2 +-
 .../contrib/admin/templates/widget/one_to_one.html |    2 +-
 django/contrib/admin/templatetags/admin_list.py    |   11 +++++----
 django/contrib/admin/templatetags/admin_modify.py  |   14 +++++++-----
 django/contrib/admin/utils.py                      |    3 ++-
 django/contrib/admin/views/decorators.py           |    2 +-
 django/contrib/admin/views/doc.py                  |    3 ++-
 django/contrib/admin/views/main.py                 |   24 +++++++++++---------
 27 files changed, 77 insertions(+), 66 deletions(-)

diff --git a/django/contrib/admin/filterspecs.py b/django/contrib/admin/filterspecs.py
index 8c2b821..c108f6e 100644

                certain test -- e.g. being a DateField o
 """
 from django.db import models
+from django.utils import html
 import datetime
 class FilterSpec(object):
-…
+               class FilterSpec(object):
     def output(self, cl):
         t = []
         if self.has_output():
             t.append(_('<h3>By %s:</h3>\n<ul>\n') % self.title())
+            t.append(_('<h3>By %s:</h3>\n<ul>\n') % html.escape(self.title()))
             for choice in self.choices(cl):
                 t.append('<li%s><a href="%s">%s</a></li>\n' % \

django/contrib/admin/models.py

diff --git a/django/contrib/admin/models.py b/django/contrib/admin/models.py
index 022d20b..0f45f35 100644

                from django.db import models
 from django.contrib.contenttypes.models import ContentType
 from django.contrib.auth.models import User
 from django.utils.translation import gettext_lazy as _
+from django.utils.safestring import mark_safe
 ADDITION = 1
 CHANGE = 2
-…
+               class LogEntry(models.Model):
         Returns the admin URL to edit the object represented by this log entry.
         This is relative to the Django admin index page.
         """
         return "%s/%s/%s/" % (self.content_type.app_label, self.content_type.model, self.object_id)
+        return mark_safe("%s/%s/%s/" % (self.content_type.app_label, self.content_type.model, self.object_id))

django/contrib/admin/templates/admin/base.html

diff --git a/django/contrib/admin/templates/admin/base.html b/django/contrib/admin/templates/admin/base.html
index 41514e6..c505dc0 100644

-              a
 <body class="{% if is_popup %}popup {% endif %}{% block bodyclass %}{% endblock %}">
 <!-- Container -->
+{% autoescape %}
 <div id="container">
     {% if not is_popup %}
 …
         {% block branding %}{% endblock %}
         </div>
         {% if user.is_authenticated and user.is_staff %}
         <div id="user-tools">{% trans 'Welcome,' %} <strong>{% if user.first_name %}{{ user.first_name|escape }}{% else %}{{ user.username }}{% endif %}</strong>. {% block userlinks %}<a href="doc/">{% trans 'Documentation' %}</a> / <a href="password_change/">{% trans 'Change password' %}</a> / <a href="logout/">{% trans 'Log out' %}</a>{% endblock %}</div>
+        <div id="user-tools">{% trans 'Welcome,' %} <strong>{% if user.first_name %}{{ user.first_name }}{% else %}{{ user.username }}{% endif %}</strong>. {% block userlinks %}<a href="doc/">{% trans 'Documentation' %}</a> / <a href="password_change/">{% trans 'Change password' %}</a> / <a href="logout/">{% trans 'Log out' %}</a>{% endblock %}</div>
         {% endif %}
         {% block nav-global %}{% endblock %}
     </div>
     <!-- END Header -->
     {% block breadcrumbs %}<div class="breadcrumbs"><a href="/">{% trans 'Home' %}</a>{% if title %} &rsaquo; {{ title|escape }}{% endif %}</div>{% endblock %}
+    {% block breadcrumbs %}<div class="breadcrumbs"><a href="/">{% trans 'Home' %}</a>{% if title %} &rsaquo; {{ title }}{% endif %}</div>{% endblock %}
     {% endif %}
         {% if messages %}
         <ul class="messagelist">{% for message in messages %}<li>{{ message|escape }}</li>{% endfor %}</ul>
+        <ul class="messagelist">{% for message in messages %}<li>{{ message }}</li>{% endfor %}</ul>
         {% endif %}
     <!-- Content -->
     <div id="content" class="{% block coltype %}colM{% endblock %}">
         {% block pretitle %}{% endblock %}
         {% block content_title %}{% if title %}<h1>{{ title|escape }}</h1>{% endif %}{% endblock %}
+        {% block content_title %}{% if title %}<h1>{{ title }}</h1>{% endif %}{% endblock %}
         {% block content %}{{ content }}{% endblock %}
         {% block sidebar %}{% endblock %}
         <br class="clear" />
 …
     {% block footer %}<div id="footer"></div>{% endblock %}
 </div>
+{% endautoescape %}
 <!-- END Container -->
 </body>

django/contrib/admin/templates/admin/base_site.html

diff --git a/django/contrib/admin/templates/admin/base_site.html b/django/contrib/admin/templates/admin/base_site.html
index 2bc7310..b867bd2 100644

-              a
 {% extends "admin/base.html" %}
 {% load i18n %}
 {% block title %}{{ title|escape }} | {% trans 'Django site admin' %}{% endblock %}
+{% block title %}{{ title }} | {% trans 'Django site admin' %}{% endblock %}
 {% block branding %}
 <h1 id="site-name">{% trans 'Django administration' %}</h1>

django/contrib/admin/templates/admin/change_form.html

diff --git a/django/contrib/admin/templates/admin/change_form.html b/django/contrib/admin/templates/admin/change_form.html
index e61eb55..d22cfa8 100644

-              a
 {% block breadcrumbs %}{% if not is_popup %}
 <div class="breadcrumbs">
      <a href="../../../">{% trans "Home" %}</a> &rsaquo;
      <a href="../">{{ opts.verbose_name_plural|capfirst|escape }}</a> &rsaquo;
      {% if add %}{% trans "Add" %} {{ opts.verbose_name|escape }}{% else %}{{ original|truncatewords:"18"|escape }}{% endif %}
+     <a href="../">{{ opts.verbose_name_plural|capfirst }}</a> &rsaquo;
+     {% if add %}{% trans "Add" %} {{ opts.verbose_name }}{% else %}{{ original|truncatewords:"18" }}{% endif %}
 </div>
 {% endif %}{% endblock %}
 {% block content %}<div id="content-main">

django/contrib/admin/templates/admin/change_list.html

diff --git a/django/contrib/admin/templates/admin/change_list.html b/django/contrib/admin/templates/admin/change_list.html
index bd2304b..2c8ff3e 100644

-              a
 {% block stylesheet %}{% admin_media_prefix %}css/changelists.css{% endblock %}
 {% block bodyclass %}change-list{% endblock %}
 {% block userlinks %}<a href="../../doc/">{% trans 'Documentation' %}</a> / <a href="../../password_change/">{% trans 'Change password' %}</a> / <a href="../../logout/">{% trans 'Log out' %}</a>{% endblock %}
 {% if not is_popup %}{% block breadcrumbs %}<div class="breadcrumbs"><a href="../../">{% trans "Home" %}</a> &rsaquo; {{ cl.opts.verbose_name_plural|capfirst|escape }}</div>{% endblock %}{% endif %}
+{% if not is_popup %}{% block breadcrumbs %}<div class="breadcrumbs"><a href="../../">{% trans "Home" %}</a> &rsaquo; {{ cl.opts.verbose_name_plural|capfirst }}</div>{% endblock %}{% endif %}
 {% block coltype %}flex{% endblock %}
 {% block content %}
 <div id="content-main">

django/contrib/admin/templates/admin/date_hierarchy.html

diff --git a/django/contrib/admin/templates/admin/date_hierarchy.html b/django/contrib/admin/templates/admin/date_hierarchy.html
index d2d6961..0058510 100644

-              a
 {% if show %}
 <div class="xfull">
 <ul class="toplinks">
 {% if back %}<li class="date-back"><a href="{{ back.link }}">&lsaquo; {{ back.title|escape }}</a></li>{% endif %}
+{% if back %}<li class="date-back"><a href="{{ back.link }}">&lsaquo; {{ back.title }}</a></li>{% endif %}
 {% for choice in choices %}
 <li> {% if choice.link %}<a href="{{ choice.link }}">{% endif %}{{ choice.title|escape }}{% if choice.link %}</a>{% endif %}</li>
+<li> {% if choice.link %}<a href="{{ choice.link }}">{% endif %}{{ choice.title }}{% if choice.link %}</a>{% endif %}</li>
 {% endfor %}
 </ul><br class="clear" />
 </div>

django/contrib/admin/templates/admin/delete_confirmation.html

diff --git a/django/contrib/admin/templates/admin/delete_confirmation.html b/django/contrib/admin/templates/admin/delete_confirmation.html
index 3921ab6..7402018 100644

-              a
 {% block breadcrumbs %}
 <div class="breadcrumbs">
      <a href="../../../../">{% trans "Home" %}</a> &rsaquo;
      <a href="../../">{{ opts.verbose_name_plural|capfirst|escape }}</a> &rsaquo;
+     <a href="../../">{{ opts.verbose_name_plural|capfirst }}</a> &rsaquo;
      <a href="../">{{ object|escape|truncatewords:"18" }}</a> &rsaquo;
      {% trans 'Delete' %}
 </div>
 …
     <p>{% blocktrans with object|escape as escaped_object %}Deleting the {{ object_name }} '{{ escaped_object }}' would result in deleting related objects, but your account doesn't have permission to delete the following types of objects:{% endblocktrans %}</p>
     <ul>
     {% for obj in perms_lacking %}
         <li>{{ obj|escape }}</li>
+        <li>{{ obj }}</li>
     {% endfor %}
     </ul>
 {% else %}

django/contrib/admin/templates/admin/edit_inline_stacked.html

diff --git a/django/contrib/admin/templates/admin/edit_inline_stacked.html b/django/contrib/admin/templates/admin/edit_inline_stacked.html
index 48ecc69..45aa0a4 100644

-              a
 {% load admin_modify %}
 <fieldset class="module aligned">
    {% for fcw in bound_related_object.form_field_collection_wrappers %}
       <h2>{{ bound_related_object.relation.opts.verbose_name|capfirst|escape }}&nbsp;#{{ forloop.counter }}</h2>
+      <h2>{{ bound_related_object.relation.opts.verbose_name|capfirst }}&nbsp;#{{ forloop.counter }}</h2>
       {% if bound_related_object.show_url %}{% if fcw.obj.original %}
       <p><a href="/r/{{ fcw.obj.original.content_type_id }}/{{ fcw.obj.original.id }}/">View on site</a></p>
       {% endif %}{% endif %}

django/contrib/admin/templates/admin/edit_inline_tabular.html

diff --git a/django/contrib/admin/templates/admin/edit_inline_tabular.html b/django/contrib/admin/templates/admin/edit_inline_tabular.html
index 13d5283..e9535df 100644

-              a
 {% load admin_modify %}
 <fieldset class="module">
    <h2>{{ bound_related_object.relation.opts.verbose_name_plural|capfirst|escape }}</h2><table>
+   <h2>{{ bound_related_object.relation.opts.verbose_name_plural|capfirst }}</h2><table>
    <thead><tr>
    {% for fw in bound_related_object.field_wrapper_list %}
       {% if fw.needs_header %}
          <th{{ fw.header_class_attribute }}>{{ fw.field.verbose_name|capfirst|escape }}</th>
+         <th{{ fw.header_class_attribute }}>{{ fw.field.verbose_name|capfirst }}</th>
       {% endif %}
    {% endfor %}
    {% for fcw in bound_related_object.form_field_collection_wrappers %}

django/contrib/admin/templates/admin/filter.html

diff --git a/django/contrib/admin/templates/admin/filter.html b/django/contrib/admin/templates/admin/filter.html
index 8b5b521..2a1ced8 100644

-              a
 <ul>
 {% for choice in choices %}
     <li{% if choice.selected %} class="selected"{% endif %}>
     <a href="{{ choice.query_string }}">{{ choice.display|escape }}</a></li>
+    <a href="{{ choice.query_string|safe }}">{{ choice.display }}</a></li>
 {% endfor %}
 </ul>

django/contrib/admin/templates/admin/index.html

diff --git a/django/contrib/admin/templates/admin/index.html b/django/contrib/admin/templates/admin/index.html
index aa63c14..4efbd32 100644

-              a
         {% for model in app.models %}
             <tr>
             {% if model.perms.change %}
                 <th scope="row"><a href="{{ model.admin_url }}">{{ model.name|escape }}</a></th>
+                <th scope="row"><a href="{{ model.admin_url }}">{{ model.name }}</a></th>
             {% else %}
                 <th scope="row">{{ model.name|escape }}</th>
+                <th scope="row">{{ model.name }}</th>
             {% endif %}
             {% if model.perms.add %}
 …
             {% else %}
             <ul class="actionlist">
             {% for entry in admin_log %}
                 <li class="{% if entry.is_addition %}addlink{% endif %}{% if entry.is_change %}changelink{% endif %}{% if entry.is_deletion %}deletelink{% endif %}">{% if not entry.is_deletion %}<a href="{{ entry.get_admin_url }}">{% endif %}{{ entry.object_repr|escape }}{% if not entry.is_deletion %}</a>{% endif %}<br /><span class="mini quiet">{{ entry.content_type.name|capfirst|escape }}</span></li>
+                <li class="{% if entry.is_addition %}addlink{% endif %}{% if entry.is_change %}changelink{% endif %}{% if entry.is_deletion %}deletelink{% endif %}">{% if not entry.is_deletion %}<a href="{{ entry.get_admin_url }}">{% endif %}{{ entry.object_repr }}{% if not entry.is_deletion %}</a>{% endif %}<br /><span class="mini quiet">{{ entry.content_type.name|capfirst }}</span></li>
             {% endfor %}
             </ul>
             {% endif %}

django/contrib/admin/templates/admin/invalid_setup.html

diff --git a/django/contrib/admin/templates/admin/invalid_setup.html b/django/contrib/admin/templates/admin/invalid_setup.html
index 1d7d61f..1fa0d32 100644

-              a
 {% extends "admin/base_site.html" %}
 {% load i18n %}
 {% block breadcrumbs %}<div class="breadcrumbs"><a href="../../">{% trans 'Home' %}</a> &rsaquo; {{ title|escape }}</div>{% endblock %}
+{% block breadcrumbs %}<div class="breadcrumbs"><a href="../../">{% trans 'Home' %}</a> &rsaquo; {{ title }}</div>{% endblock %}
 {% block content %}

django/contrib/admin/templates/admin/object_history.html

diff --git a/django/contrib/admin/templates/admin/object_history.html b/django/contrib/admin/templates/admin/object_history.html
index 14a77b8..5ebd6a4 100644

-              a
 {% load i18n %}
 {% block userlinks %}<a href="../../../../doc/">{% trans 'Documentation' %}</a> / <a href="../../../../password_change/">{% trans 'Change password' %}</a> / <a href="../../../../logout/">{% trans 'Log out' %}</a>{% endblock %}
 {% block breadcrumbs %}
 <div class="breadcrumbs"><a href="../../../../">{% trans 'Home' %}</a> &rsaquo; <a href="../../">{{ module_name|escape }}</a> &rsaquo; <a href="../">{{ object|escape|truncatewords:"18" }}</a> &rsaquo; {% trans 'History' %}</div>
+<div class="breadcrumbs"><a href="../../../../">{% trans 'Home' %}</a> &rsaquo; <a href="../../">{{ module_name }}</a> &rsaquo; <a href="../">{{ object|truncatewords:"18" }}</a> &rsaquo; {% trans 'History' %}</div>
 {% endblock %}
 {% block content %}
 …
         {% for action in action_list %}
         <tr>
             <th scope="row">{{ action.action_time|date:_("DATE_WITH_TIME_FULL") }}</th>
             <td>{{ action.user.username }}{% if action.user.first_name %} ({{ action.user.first_name|escape }} {{ action.user.last_name|escape }}){% endif %}</td>
             <td>{{ action.change_message|escape }}</td>
+            <td>{{ action.user.username }}{% if action.user.first_name %} ({{ action.user.first_name }} {{ action.user.last_name }}){% endif %}</td>
+            <td>{{ action.change_message }}</td>
         </tr>
         {% endfor %}
         </tbody>

django/contrib/admin/templates/admin/pagination.html

diff --git a/django/contrib/admin/templates/admin/pagination.html b/django/contrib/admin/templates/admin/pagination.html
index e1c09b2..0640a46 100644

-              a
     {% paginator_number cl i %}
 {% endfor %}
 {% endif %}
 {{ cl.result_count }} {% ifequal cl.result_count 1 %}{{ cl.opts.verbose_name|escape }}{% else %}{{ cl.opts.verbose_name_plural|escape }}{% endifequal %}
+{{ cl.result_count }} {% ifequal cl.result_count 1 %}{{ cl.opts.verbose_name|escape }}{% else %}{{ cl.opts.verbose_name_plural }}{% endifequal %}
 {% if show_all_url %}&nbsp;&nbsp;<a href="{{ show_all_url }}" class="showall">{% trans 'Show all' %}</a>{% endif %}
 </p>

django/contrib/admin/templates/admin/search_form.html

diff --git a/django/contrib/admin/templates/admin/search_form.html b/django/contrib/admin/templates/admin/search_form.html
index d9126c3..9e40d5e 100644

-              a
 <div id="toolbar"><form id="changelist-search" action="" method="get">
 <div><!-- DIV needed for valid HTML -->
 <label for="searchbar"><img src="{% admin_media_prefix %}img/admin/icon_searchbox.png" alt="Search" /></label>
 <input type="text" size="40" name="{{ search_var }}" value="{{ cl.query|escape }}" id="searchbar" />
+<input type="text" size="40" name="{{ search_var }}" value="{{ cl.query }}" id="searchbar" />
 <input type="submit" value="{% trans 'Go' %}" />
 {% if show_result_count %}
     <span class="small quiet">{% blocktrans count cl.result_count as counter %}1 result{% plural %}{{ counter }} results{% endblocktrans %} (<a href="?">{% blocktrans with cl.full_result_count as full_result_count %}{{ full_result_count }} total{% endblocktrans %}</a>)</span>
 {% endif %}
 {% for pair in cl.params.items %}
     {% ifnotequal pair.0 search_var %}<input type="hidden" name="{{ pair.0|escape }}" value="{{ pair.1|escape }}"/>{% endifnotequal %}
+    {% ifnotequal pair.0 search_var %}<input type="hidden" name="{{ pair.0 }}" value="{{ pair.1 }}"/>{% endifnotequal %}
 {% endfor %}
 </div>
 </form></div>

django/contrib/admin/templates/admin_doc/model_detail.html

diff --git a/django/contrib/admin/templates/admin_doc/model_detail.html b/django/contrib/admin/templates/admin_doc/model_detail.html
index 44fc43e..5cb9a94 100644

-              a
 </style>
 {% endblock %}
 {% block breadcrumbs %}<div class="breadcrumbs"><a href="../../../">Home</a> &rsaquo; <a href="../../">Documentation</a> &rsaquo; <a href="../">Models</a> &rsaquo; {{ name|escape }}</div>{% endblock %}
+{% block breadcrumbs %}<div class="breadcrumbs"><a href="../../../">Home</a> &rsaquo; <a href="../../">Documentation</a> &rsaquo; <a href="../">Models</a> &rsaquo; {{ name }}</div>{% endblock %}
 {% block title %}Model: {{ name|escape }}{% endblock %}
+{% block title %}Model: {{ name }}{% endblock %}
 {% block content %}
 <div id="content-main">
 <h1>{{ summary|escape }}</h1>
+<h1>{{ summary }}</h1>
 {% if description %}
   <p>{% filter escape|linebreaksbr %}{% trans description %}{% endfilter %}</p>
+  <p>{% filter linebreaksbr %}{% trans description %}{% endfilter %}</p>
 {% endif %}
 <div class="module">
 …
 <tr>
     <td>{{ field.name }}</td>
     <td>{{ field.data_type }}</td>
     <td>{% if field.verbose %}{{ field.verbose|escape }}{% endif %}{% if field.help_text %} - {{ field.help_text|escape }}{% endif %}</td>
+    <td>{% if field.verbose %}{{ field.verbose }}{% endif %}{% if field.help_text %} - {{ field.help_text }}{% endif %}</td>
 </tr>
 {% endfor %}
 </tbody>

django/contrib/admin/templates/admin_doc/template_detail.html

diff --git a/django/contrib/admin/templates/admin_doc/template_detail.html b/django/contrib/admin/templates/admin_doc/template_detail.html
index 280ea91..df67f18 100644

-              a
 {% extends "admin/base_site.html" %}
 {% load i18n %}
 {% block breadcrumbs %}<div class="breadcrumbs"><a href="../../../">Home</a> &rsaquo; <a href="../../">Documentation</a> &rsaquo; Templates &rsaquo; {{ name|escape }}</div>{% endblock %}
+{% block breadcrumbs %}<div class="breadcrumbs"><a href="../../../">Home</a> &rsaquo; <a href="../../">Documentation</a> &rsaquo; Templates &rsaquo; {{ name }}</div>{% endblock %}
 {% block userlinks %}<a href="../../../password_change/">{% trans 'Change password' %}</a> / <a href="../../../logout/">{% trans 'Log out' %}</a>{% endblock %}
 {% block title %}Template: {{ name|escape }}{% endblock %}
+{% block title %}Template: {{ name }}{% endblock %}
 {% block content %}
 <h1>Template: "{{ name|escape }}"</h1>
+<h1>Template: "{{ name }}"</h1>
 {% regroup templates|dictsort:"site_id" by site as templates_by_site %}
 {% for group in templates_by_site %}
     <h2>Search path for template "{{ name|escape }}" on {{ group.grouper }}:</h2>
+    <h2>Search path for template "{{ name }}" on {{ group.grouper }}:</h2>
     <ol>
     {% for template in group.list|dictsort:"order" %}
         <li><code>{{ template.file|escape }}</code>{% if not template.exists %} <em>(does not exist)</em>{% endif %}</li>
+        <li><code>{{ template.file }}</code>{% if not template.exists %} <em>(does not exist)</em>{% endif %}</li>
     {% endfor %}
     </ol>
 {% endfor %}

django/contrib/admin/templates/admin_doc/view_detail.html

diff --git a/django/contrib/admin/templates/admin_doc/view_detail.html b/django/contrib/admin/templates/admin_doc/view_detail.html
index ed90657..ba90399 100644

-              a
 <h1>{{ name }}</h1>
 <h2 class="subhead">{{ summary|escape }}</h2>
+<h2 class="subhead">{{ summary }}</h2>
 <p>{{ body }}</p>

django/contrib/admin/templates/widget/foreign.html

diff --git a/django/contrib/admin/templates/widget/foreign.html b/django/contrib/admin/templates/widget/foreign.html
index 301f521..6b43d04 100644

-              a
         {{ bound_field.original_value }}
     {% endif %}
     {% if bound_field.raw_id_admin %}
         {% if bound_field.existing_display %}&nbsp;<strong>{{ bound_field.existing_display|truncatewords:"14"|escape }}</strong>{% endif %}
+        {% if bound_field.existing_display %}&nbsp;<strong>{{ bound_field.existing_display|truncatewords:"14" }}</strong>{% endif %}
     {% endif %}
 {% endif %}

django/contrib/admin/templates/widget/one_to_one.html

diff --git a/django/contrib/admin/templates/widget/one_to_one.html b/django/contrib/admin/templates/widget/one_to_one.html
index efd0117..a79a123 100644

a	b
1	1	{% if add %}{% include "widget/foreign.html" %}{% endif %}
2		{% if change %}{% if bound_field.existing_display %} <strong>{{ bound_field.existing_display\|truncatewords:"14"~~\|escape~~ }}</strong>{% endif %}{% endif %}
	2	{% if change %}{% if bound_field.existing_display %} <strong>{{ bound_field.existing_display\|truncatewords:"14" }}</strong>{% endif %}{% endif %}

django/contrib/admin/templatetags/admin_list.py

diff --git a/django/contrib/admin/templatetags/admin_list.py b/django/contrib/admin/templatetags/admin_list.py
index 832b356..df5c883 100644

                from django.db import models
 from django.utils import dateformat
 from django.utils.html import escape
 from django.utils.text import capfirst
+from django.utils.safestring import mark_safe
 from django.utils.translation import get_date_formats, get_partial_date_formats
 from django.template import Library
 import datetime
-…
+               def paginator_number(cl,i):
     if i == DOT:
         return '... '
     elif i == cl.page_num:
         return '<span class="this-page">%d</span> ' % (i+1)
+        return mark_safe('<span class="this-page">%d</span> ' % (i+1))
     else:
         return '<a href="%s"%s>%d</a> ' % (cl.get_query_string({PAGE_VAR: i}), (i == cl.paginator.pages-1 and ' class="end"' or ''), i+1)
+        return mark_safe('<a href="%s"%s>%d</a> ' % (cl.get_query_string({PAGE_VAR: i}), (i == cl.paginator.pages-1 and ' class="end"' or ''), i+1))
 paginator_number = register.simple_tag(paginator_number)
 def pagination(cl):
-…
+               def items_for_result(cl, result):
             first = False
             url = cl.url_for_result(result)
             result_id = str(getattr(result, pk)) # str() is needed in case of 23L (long ints)
             yield ('<%s%s><a href="%s"%s>%s</a></%s>' % \
+            yield mark_safe('<%s%s><a href="%s"%s>%s</a></%s>' % \
                 (table_tag, row_class, url, (cl.is_popup and ' onclick="opener.dismissRelatedLookupPopup(window, %r); return false;"' % result_id or ''), result_repr, table_tag))
         else:
             yield ('<td%s>%s</td>' % (row_class, result_repr))
+            yield mark_safe('<td%s>%s</td>' % (row_class, result_repr))
 def results(cl):
     for res in cl.result_list:
-…
+               def date_hierarchy(cl):
         day_lookup = cl.params.get(day_field)
         year_month_format, month_day_format = get_partial_date_formats()
         link = lambda d: cl.get_query_string(d, [field_generic])
+        link = lambda d: mark_safe(cl.get_query_string(d, [field_generic]))
         if year_lookup and month_lookup and day_lookup:
             day = datetime.date(int(year_lookup), int(month_lookup), int(day_lookup))

django/contrib/admin/templatetags/admin_modify.py

diff --git a/django/contrib/admin/templatetags/admin_modify.py b/django/contrib/admin/templatetags/admin_modify.py
index 7ba7bef..5a27d0e 100644

                from django import template
 from django.contrib.admin.views.main import AdminBoundField
 from django.template import loader
 from django.utils.text import capfirst
+from django.utils.html import escape
+from django.utils.safestring import mark_safe
 from django.db import models
 from django.db.models.fields import Field
 from django.db.models.related import BoundRelatedObject
-…
+               def include_admin_script(script_path):
         <script type="text/javascript" src="/media/admin/js/calendar.js">
     """
     return '<script type="text/javascript" src="%s%s"></script>' % (settings.ADMIN_MEDIA_PREFIX, script_path)
+    return mark_safe('<script type="text/javascript" src="%s%s"></script>' % (settings.ADMIN_MEDIA_PREFIX, script_path))
 include_admin_script = register.simple_tag(include_admin_script)
 def submit_row(context):
-…
+               def field_label(bound_field):
             class_names.append('inline')
         colon = ":"
     class_str = class_names and ' class="%s"' % ' '.join(class_names) or ''
     return '<label for="%s"%s>%s%s</label> ' % (bound_field.element_id, class_str, \
         capfirst(bound_field.field.verbose_name), colon)
+    return mark_safe('<label for="%s"%s>%s%s</label> ' % (bound_field.element_id, class_str, \
+        escape(capfirst(bound_field.field.verbose_name)), colon))
 field_label = register.simple_tag(field_label)
 class FieldWidgetNode(template.Node):
-…
+               def auto_populated_field_script(auto_pop
                      ' var e = document.getElementById("id_%s");' \
                      ' if(!e._changed) { e.value = URLify(%s, %s);} }; ' % (
                      f, field.name, add_values, field.maxlength))
     return ''.join(t)
+    return mark_safe(''.join(t))
 auto_populated_field_script = register.simple_tag(auto_populated_field_script)
 def filter_interface_script_maybe(bound_field):
     f = bound_field.field
     if f.rel and isinstance(f.rel, models.ManyToManyRel) and f.rel.filter_interface:
         return '<script type="text/javascript">addEvent(window, "load", function(e) {' \
+        return mark_safe('<script type="text/javascript">addEvent(window, "load", function(e) {' \
               ' SelectFilter.init("id_%s", "%s", %s, "%s"); });</script>\n' % (
               f.name, f.verbose_name, f.rel.filter_interface-1, settings.ADMIN_MEDIA_PREFIX)
+              f.name, escape(f.verbose_name), f.rel.filter_interface-1, settings.ADMIN_MEDIA_PREFIX))
     else:
         return ''
 filter_interface_script_maybe = register.simple_tag(filter_interface_script_maybe)

django/contrib/admin/utils.py

diff --git a/django/contrib/admin/utils.py b/django/contrib/admin/utils.py
index 9adf09b..4a45a62 100644

-              a
 import re
 from email.Parser import HeaderParser
 from email.Errors import HeaderParseError
+from django.utils.safestring import mark_safe
 try:
     import docutils.core
     import docutils.nodes
-…
+               def parse_rst(text, default_reference_co
     parts = docutils.core.publish_parts(text, source_path=thing_being_parsed,
                 destination_path=None, writer_name='html',
                 settings_overrides=overrides)
     return parts['fragment']
+    return mark_safe(parts['fragment'])
+#
 # reST roles

django/contrib/admin/views/decorators.py

diff --git a/django/contrib/admin/views/decorators.py b/django/contrib/admin/views/decorators.py
index fce5090..a4c9d99 100644

                def _display_login_form(request, error_m
         post_data = _encode_post_data({})
     return render_to_response('admin/login.html', {
         'title': _('Log in'),
         'app_path': request.path,
+        'app_path': mark_safe(request.path),
         'post_data': post_data,
         'error_message': error_message
     }, context_instance=template.RequestContext(request))

django/contrib/admin/views/doc.py

diff --git a/django/contrib/admin/views/doc.py b/django/contrib/admin/views/doc.py
index 68799fc..92f2f71 100644

                from django.http import Http404, get_hos
 from django.core import urlresolvers
 from django.contrib.admin import utils
 from django.contrib.sites.models import Site
+from django.utils.safestring import mark_safe
 import inspect, os, re
 # Exclude methods starting with these strings from documentation
-…
+               def bookmarklets(request):
     # Hack! This couples this view to the URL it lives at.
     admin_root = request.path[:-len('doc/bookmarklets/')]
     return render_to_response('admin_doc/bookmarklets.html', {
         'admin_url': "%s://%s%s" % (request.is_secure() and 'https' or 'http', get_host(request), admin_root),
+        'admin_url': mark_safe("%s://%s%s" % (request.is_secure() and 'https' or 'http', get_host(request), admin_root)),
     }, context_instance=RequestContext(request))
 bookmarklets = staff_member_required(bookmarklets)

django/contrib/admin/views/main.py

diff --git a/django/contrib/admin/views/main.py b/django/contrib/admin/views/main.py
index 705dfad..2cca65e 100644

                from django.db.models.query import handl
 from django.http import Http404, HttpResponse, HttpResponseRedirect
 from django.utils.html import escape
 from django.utils.text import capfirst, get_text_list
+from django.utils.safestring import mark_safe
 import operator
 from django.contrib.admin.models import LogEntry, ADDITION, CHANGE, DELETION
-…
+               class AdminBoundField(object):
         self._repr_filled = False
         if field.rel:
             self.related_url = '../../../%s/%s/' % (field.rel.to._meta.app_label, field.rel.to._meta.object_name.lower())
+            self.related_url = mark_safe('../../../%s/%s/' % (field.rel.to._meta.app_label, field.rel.to._meta.object_name.lower()))
     def original_value(self):
         if self.original:
-…
+               def render_change_form(model, manipulato
         'javascript_imports': get_javascript_imports(opts, auto_populated_fields, field_sets),
         'ordered_objects': ordered_objects,
         'inline_related_objects': inline_related_objects,
         'form_url': form_url,
+        'form_url': mark_safe(form_url),
         'opts': opts,
         'content_type_id': ContentType.objects.get_for_model(model).id,
+    }
-…
+               def _get_deleted_objects(deleted_objects
                     nh(deleted_objects, current_depth, ['%s: %s' % (capfirst(related.opts.verbose_name), sub_obj), []])
                 else:
                     # Display a link to the admin page.
                     nh(deleted_objects, current_depth, ['%s: <a href="../../../../%s/%s/%s/">%s</a>' % \
                         (capfirst(related.opts.verbose_name), related.opts.app_label, related.opts.object_name.lower(),
                         sub_obj._get_pk_val(), sub_obj), []])
+                    nh(deleted_objects, current_depth, [mark_safe('%s: <a href="../../../../%s/%s/%s/">%s</a>' % \
+                        (escape(capfirst(related.opts.verbose_name)), related.opts.app_label, related.opts.object_name.lower(),
+                        sub_obj._get_pk_val(), escape(sub_obj))), []])
                 _get_deleted_objects(deleted_objects, perms_needed, user, sub_obj, related.opts, current_depth+2)
         else:
             has_related_objs = False
-…
+               def _get_deleted_objects(deleted_objects
                     nh(deleted_objects, current_depth, ['%s: %s' % (capfirst(related.opts.verbose_name), escape(str(sub_obj))), []])
                 else:
                     # Display a link to the admin page.
                     nh(deleted_objects, current_depth, ['%s: <a href="../../../../%s/%s/%s/">%s</a>' % \
                         (capfirst(related.opts.verbose_name), related.opts.app_label, related.opts.object_name.lower(), sub_obj._get_pk_val(), escape(str(sub_obj))), []])
+                    nh(deleted_objects, current_depth, [mark_safe('%s: <a href="../../../../%s/%s/%s/">%s</a>' % \
+                        (escape(capfirst(related.opts.verbose_name)), related.opts.app_label, related.opts.object_name.lower(), sub_obj._get_pk_val(), escape(str(sub_obj)))), []])
                 _get_deleted_objects(deleted_objects, perms_needed, user, sub_obj, related.opts, current_depth+2)
             # If there were related objects, and the user doesn't have
             # permission to delete them, add the missing perm to perms_needed.
-…
+               def _get_deleted_objects(deleted_objects
                 else:
                     # Display a link to the admin page.
                     nh(deleted_objects, current_depth, [
                         (_('One or more %(fieldname)s in %(name)s:') % {'fieldname': related.field.verbose_name, 'name':related.opts.verbose_name}) + \
+                        mark_safe((_('One or more %(fieldname)s in %(name)s:') % {'fieldname': escape(related.field.verbose_name), 'name':related.opts.verbose_name}) + \
                         (' <a href="../../../../%s/%s/%s/">%s</a>' % \
                             (related.opts.app_label, related.opts.module_name, sub_obj._get_pk_val(), escape(str(sub_obj)))), []])
+                            (related.opts.app_label, related.opts.module_name, sub_obj._get_pk_val(), escape(str(sub_obj))))), []])
         # If there were related objects, and the user doesn't have
         # permission to change them, add the missing perm to perms_needed.
         if related.opts.admin and has_related_objs:
-…
+               def delete_stage(request, app_label, mod
     # Populate deleted_objects, a data structure of all related objects that
     # will also be deleted.
+    deleted_objects = ['%s: <a href="../../%s/">%s</a>' % (capfirst(opts.verbose_name), object_id, escape(str(obj))), []]
+    deleted_objects = [mark_safe('%s: <a href="../../%s/">%s</a>' %
+        (escape(capfirst(opts.verbose_name)), object_id, escape(str(obj)))), []]
     perms_needed = sets.Set()
     _get_deleted_objects(deleted_objects, perms_needed, request.user, obj, opts, 1)
-…
+               class ChangeList(object):
                 del p[k]
             elif v is not None:
                 p[k] = v
         return '?' + '&amp;'.join(['%s=%s' % (k, v) for k, v in p.items()]).replace(' ', '%20')
+        return mark_safe('?' + '&amp;'.join(['%s=%s' % (k, v) for k, v in p.items()]).replace(' ', '%20'))
     def get_results(self, request):
         paginator = ObjectPaginator(self.query_set, self.lookup_opts.admin.list_per_page)

Download in other formats:

Original Format

Issues

Context Navigation

Ticket #2359: 03-admin-changes.diff

django/contrib/admin/filterspecs.py

django/contrib/admin/models.py

django/contrib/admin/templates/admin/base.html

django/contrib/admin/templates/admin/base_site.html

django/contrib/admin/templates/admin/change_form.html

django/contrib/admin/templates/admin/change_list.html

django/contrib/admin/templates/admin/date_hierarchy.html

django/contrib/admin/templates/admin/delete_confirmation.html

django/contrib/admin/templates/admin/edit_inline_stacked.html

django/contrib/admin/templates/admin/edit_inline_tabular.html

django/contrib/admin/templates/admin/filter.html

django/contrib/admin/templates/admin/index.html

django/contrib/admin/templates/admin/invalid_setup.html

django/contrib/admin/templates/admin/object_history.html

django/contrib/admin/templates/admin/pagination.html

django/contrib/admin/templates/admin/search_form.html

django/contrib/admin/templates/admin_doc/model_detail.html

django/contrib/admin/templates/admin_doc/template_detail.html

django/contrib/admin/templates/admin_doc/view_detail.html

django/contrib/admin/templates/widget/foreign.html

django/contrib/admin/templates/widget/one_to_one.html

django/contrib/admin/templatetags/admin_list.py

django/contrib/admin/templatetags/admin_modify.py

django/contrib/admin/utils.py

django/contrib/admin/views/decorators.py

django/contrib/admin/views/doc.py

django/contrib/admin/views/main.py

Download in other formats:

Django Links

Learn More

Get Involved

Get Help

Follow Us

Support Us