Ticket #2986: addslashes.patch

django/contrib/admin/views/main.py

@@ -12 +12 @@
 from django.http import Http404, HttpResponse, HttpResponseRedirect
 from django.utils.html import escape
 from django.utils.text import capfirst, get_text_list
+from django.template.defaultfilters import addslashes
 import operator
 
 from django.contrib.admin.models import LogEntry, ADDITION, CHANGE, DELETION
@@ -263 +264 @@
                     post_url_continue += "?_popup=1"
                 return HttpResponseRedirect(post_url_continue % pk_value)
             if request.POST.has_key("_popup"):
+               print pk_value
                 if type(pk_value) is str: # Quote if string, so JavaScript doesn't think it's a variable.
-                    pk_value = '"%s"' % pk_value.replace('"', '\\"')
+                    pk_value = '"%s"' % addslashes(pk_value)
                 return HttpResponse('<script type="text/javascript">opener.dismissAddAnotherPopup(window, %s, "%s");</script>' % \
-                    (pk_value, str(new_object).replace('"', '\\"')))
+                    (pk_value, addslashes(str(new_object))))
             elif request.POST.has_key("_addanother"):
                 request.user.message_set.create(message=msg + ' ' + (_("You may add another %s below.") % opts.verbose_name))
                 return HttpResponseRedirect(request.path)

django/template/defaultfilters.py

@@ -15 +15 @@
 
 def addslashes(value):
     "Adds slashes - useful for passing strings to JavaScript, for example."
-    return value.replace('\\', '\\\\').replace('"', '\\"').replace("'", "\\'")
+    return value.replace('\\', '\\\\').replace('"', '\\"').replace("'", "\\'").replace('\n', '\\n')
 
 def capfirst(value):
     "Capitalizes the first character of the value"