Code

Ticket #5041: quoteurl.2.patch

File quoteurl.2.patch, 3.3 KB (added by jdetaeye@…, 7 years ago)

Updated version of the patch

  • main.py

     
    5656    quoting is slightly different so that it doesn't get automatically 
    5757    unquoted by the Web browser. 
    5858    """ 
    59     if type(s) != type(''): 
    60         return s 
     59    if not isinstance(s,basestring): return s 
    6160    res = list(s) 
    6261    for i in range(len(res)): 
    6362        c = res[i] 
    64         if c in ':/_': 
     63        if c in ':/_#?;@&=+$,"<>%': 
    6564            res[i] = '_%02X' % ord(c) 
    6665    return ''.join(res) 
    6766 
     
    441440                    # Display a link to the admin page. 
    442441                    nh(deleted_objects, current_depth, [u'%s: <a href="../../../../%s/%s/%s/">%s</a>' % \ 
    443442                        (force_unicode(capfirst(related.opts.verbose_name)), related.opts.app_label, related.opts.object_name.lower(), 
    444                         sub_obj._get_pk_val(), sub_obj), []]) 
     443                        quote(sub_obj._get_pk_val()), escape(sub_obj)), []]) 
    445444                _get_deleted_objects(deleted_objects, perms_needed, user, sub_obj, related.opts, current_depth+2) 
    446445        else: 
    447446            has_related_objs = False 
     
    454453                else: 
    455454                    # Display a link to the admin page. 
    456455                    nh(deleted_objects, current_depth, [u'%s: <a href="../../../../%s/%s/%s/">%s</a>' % \ 
    457                         (force_unicode(capfirst(related.opts.verbose_name)), related.opts.app_label, related.opts.object_name.lower(), sub_obj._get_pk_val(), escape(sub_obj)), []]) 
     456                        (force_unicode(capfirst(related.opts.verbose_name)), related.opts.app_label, related.opts.object_name.lower(), quote(sub_obj._get_pk_val()), escape(sub_obj)), []]) 
    458457                _get_deleted_objects(deleted_objects, perms_needed, user, sub_obj, related.opts, current_depth+2) 
    459458            # If there were related objects, and the user doesn't have 
    460459            # permission to delete them, add the missing perm to perms_needed. 
     
    487486                    nh(deleted_objects, current_depth, [ 
    488487                        (_('One or more %(fieldname)s in %(name)s:') % {'fieldname': force_unicode(related.field.verbose_name), 'name': force_unicode(related.opts.verbose_name)}) + \ 
    489488                        (u' <a href="../../../../%s/%s/%s/">%s</a>' % \ 
    490                             (related.opts.app_label, related.opts.module_name, sub_obj._get_pk_val(), escape(sub_obj))), []]) 
     489                            (related.opts.app_label, related.opts.module_name, quote(sub_obj._get_pk_val()), escape(sub_obj))), []]) 
    491490        # If there were related objects, and the user doesn't have 
    492491        # permission to change them, add the missing perm to perms_needed. 
    493492        if related.opts.admin and has_related_objs: 
     
    507506 
    508507    # Populate deleted_objects, a data structure of all related objects that 
    509508    # will also be deleted. 
    510     deleted_objects = [u'%s: <a href="../../%s/">%s</a>' % (force_unicode(capfirst(opts.verbose_name)), force_unicode(object_id), escape(obj)), []] 
     509    deleted_objects = [u'%s: <a href="../../%s/">%s</a>' % (force_unicode(capfirst(opts.verbose_name)), quote(force_unicode(object_id)), escape(obj)), []] 
    511510    perms_needed = set() 
    512511    _get_deleted_objects(deleted_objects, perms_needed, request.user, obj, opts, 1) 
    513512