Ticket #5041: quoteurl.2.patch

File quoteurl.2.patch, 3.3 KB (added by jdetaeye@…, 8 years ago)

Updated version of the patch

  • main.py

     
    5656    quoting is slightly different so that it doesn't get automatically
    5757    unquoted by the Web browser.
    5858    """
    59     if type(s) != type(''):
    60         return s
     59    if not isinstance(s,basestring): return s
    6160    res = list(s)
    6261    for i in range(len(res)):
    6362        c = res[i]
    64         if c in ':/_':
     63        if c in ':/_#?;@&=+$,"<>%':
    6564            res[i] = '_%02X' % ord(c)
    6665    return ''.join(res)
    6766
     
    441440                    # Display a link to the admin page.
    442441                    nh(deleted_objects, current_depth, [u'%s: <a href="../../../../%s/%s/%s/">%s</a>' % \
    443442                        (force_unicode(capfirst(related.opts.verbose_name)), related.opts.app_label, related.opts.object_name.lower(),
    444                         sub_obj._get_pk_val(), sub_obj), []])
     443                        quote(sub_obj._get_pk_val()), escape(sub_obj)), []])
    445444                _get_deleted_objects(deleted_objects, perms_needed, user, sub_obj, related.opts, current_depth+2)
    446445        else:
    447446            has_related_objs = False
     
    454453                else:
    455454                    # Display a link to the admin page.
    456455                    nh(deleted_objects, current_depth, [u'%s: <a href="../../../../%s/%s/%s/">%s</a>' % \
    457                         (force_unicode(capfirst(related.opts.verbose_name)), related.opts.app_label, related.opts.object_name.lower(), sub_obj._get_pk_val(), escape(sub_obj)), []])
     456                        (force_unicode(capfirst(related.opts.verbose_name)), related.opts.app_label, related.opts.object_name.lower(), quote(sub_obj._get_pk_val()), escape(sub_obj)), []])
    458457                _get_deleted_objects(deleted_objects, perms_needed, user, sub_obj, related.opts, current_depth+2)
    459458            # If there were related objects, and the user doesn't have
    460459            # permission to delete them, add the missing perm to perms_needed.
     
    487486                    nh(deleted_objects, current_depth, [
    488487                        (_('One or more %(fieldname)s in %(name)s:') % {'fieldname': force_unicode(related.field.verbose_name), 'name': force_unicode(related.opts.verbose_name)}) + \
    489488                        (u' <a href="../../../../%s/%s/%s/">%s</a>' % \
    490                             (related.opts.app_label, related.opts.module_name, sub_obj._get_pk_val(), escape(sub_obj))), []])
     489                            (related.opts.app_label, related.opts.module_name, quote(sub_obj._get_pk_val()), escape(sub_obj))), []])
    491490        # If there were related objects, and the user doesn't have
    492491        # permission to change them, add the missing perm to perms_needed.
    493492        if related.opts.admin and has_related_objs:
     
    507506
    508507    # Populate deleted_objects, a data structure of all related objects that
    509508    # will also be deleted.
    510     deleted_objects = [u'%s: <a href="../../%s/">%s</a>' % (force_unicode(capfirst(opts.verbose_name)), force_unicode(object_id), escape(obj)), []]
     509    deleted_objects = [u'%s: <a href="../../%s/">%s</a>' % (force_unicode(capfirst(opts.verbose_name)), quote(force_unicode(object_id)), escape(obj)), []]
    511510    perms_needed = set()
    512511    _get_deleted_objects(deleted_objects, perms_needed, request.user, obj, opts, 1)
    513512
Back to Top