Ticket #5490: ecaping_url.patch

File ecaping_url.patch, 7.4 KB (added by jdetaeye, 17 years ago)

patch

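--- a/django/contrib/admin/models.py
+++ b/django/contrib/admin/models.py
@@ -49,4 +49,5 @@
         Returns the admin URL to edit the object represented by this log entry.
         This is relative to the Django admin index page.
         """
-        return u"%s/%s/%s/" % (self.content_type.app_label, self.content_type.model, self.object_id)
+        from django.contrib.admin.views.main import quote
+        return u"%s/%s/%s/" % (self.content_type.app_label, self.content_type.model, quote(self.object_id))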
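Review bot: The function-level `from django.contrib.admin.views.main import quote` added here makes the model layer depend on a view module, and the same local import recurs in the delete view in options.py and in `get_deleted_objects` in util.py. If it is local only to avoid a circular import (not visible from here), a comment such as `# imported here to avoid a circular import with views.main` would say so; otherwise a module-level import is clearer. The docstring could also state that the object id is returned in `quote()`d form, so that callers do not escape it a second time. The method's signature and the start of its docstring are outside the hunk.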
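--- a/django/contrib/admin/options.py
+++ b/django/contrib/admin/options.py
@@ -190,7 +190,7 @@
     def fieldsets_add(self, request):
         "Hook for specifying fieldsets for the add form."
         raise NotImplementedError
-   
+
     def fieldsets_change(self, request, obj):
         "Hook for specifying fieldsets for the change form."
         raise NotImplementedError
@@ -198,7 +198,7 @@
 class ModelAdmin(BaseModelAdmin):
     "Encapsulates all admin options and functionality for a given model."
     __metaclass__ = forms.MediaDefiningClass
-   
+
     list_display = ('__str__',)
     list_display_links = ()
     list_filter = ()
@@ -256,10 +256,10 @@
             js.extend(['js/getElementsBySelector.js', 'js/dom-drag.js' , 'js/admin/ordering.js'])
         if self.filter_vertical or self.filter_horizontal:
             js.extend(['js/SelectBox.js' , 'js/SelectFilter2.js'])
-       
+
         return forms.Media(js=['%s%s' % (settings.ADMIN_MEDIA_PREFIX, url) for url in js])
     media = property(_media)
-   
+
     def has_add_permission(self, request):
         "Returns True if the given request has permission to add an object."
         opts = self.opts
@@ -394,7 +394,7 @@
         Saves the object in the "change" stage and returns an HttpResponseRedirect.
 
         `form` is a bound Form instance that's verified to be valid.
-       
+
         `formsets` is a sequence of InlineFormSet instances that are verified to be valid.
         """
         from django.contrib.admin.models import LogEntry, CHANGE
@@ -545,7 +545,7 @@
                         #related.get_accessor_name())
                 #orig_list = func()
                 #oldform.order_objects.extend(orig_list)
-               
+
         adminForm = AdminForm(form, self.fieldsets_change(request, obj), self.prepopulated_fields)
         media = self.media + adminForm.media
         for fs in inline_formsets:
@@ -601,6 +601,7 @@
         "The 'delete' admin view for this model."
         from django.contrib.contenttypes.models import ContentType
         from django.contrib.admin.models import LogEntry, DELETION
+        from django.contrib.admin.views.main import quote
         opts = self.model._meta
         app_label = opts.app_label
 
@@ -620,7 +621,7 @@
 
         # Populate deleted_objects, a data structure of all related objects that
         # will also be deleted.
-        deleted_objects = [u'%s: <a href="../../%s/">%s</a>' % (force_unicode(capfirst(opts.verbose_name)), object_id, escape(str(obj))), []]
+        deleted_objects = [u'%s: <a href="../../%s/">%s</a>' % (force_unicode(capfirst(opts.verbose_name)), quote(object_id), escape(str(obj))), []]
         perms_needed = sets.Set()
         get_deleted_objects(deleted_objects, perms_needed, request.user, obj, opts, 1)
 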
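Review bot: The rewritten `deleted_objects` line still builds the link label with `escape(str(obj))`, which forces the text through a byte string and so depends on how the model's `__str__` encodes non-ASCII characters. util.py passes the object to `escape()` directly and `force_unicode` is already used on this same line, so `escape(force_unicode(obj))` would be consistent with both. Separately, `quote()` is not idempotent because `_` is itself in the quoted set; if `object_id` reaches this view still in its URL-quoted form (whether it is unquoted earlier is not visible in the hunk), `quote(object_id)` will encode it a second time and the link will point at a different id. The view's body starts and ends outside the hunk.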
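--- a/django/contrib/admin/util.py
+++ b/django/contrib/admin/util.py
@@ -12,6 +12,7 @@
 
 def get_deleted_objects(deleted_objects, perms_needed, user, obj, opts, current_depth):
     "Helper function that recursively populates deleted_objects."
+    from django.contrib.admin.views.main import quote
     nh = _nest_help # Bind to local variable for performance
     if current_depth > 16:
         return # Avoid recursing too deep.
@@ -36,12 +37,12 @@
                 if related.field.rel.edit_inline or not related.opts.admin:
                     # Don't display link to edit, because it either has no
                     # admin or is edited inline.
-                    nh(deleted_objects, current_depth, [u'%s: %s' % (force_unicode(capfirst(related.opts.verbose_name)), sub_obj), []])
+                    nh(deleted_objects, current_depth, [u'%s: %s' % (force_unicode(capfirst(related.opts.verbose_name)), escape(sub_obj)), []])
                 else:
                     # Display a link to the admin page.
                     nh(deleted_objects, current_depth, [u'%s: <a href="../../../../%s/%s/%s/">%s</a>' % \
                         (force_unicode(capfirst(related.opts.verbose_name)), related.opts.app_label, related.opts.object_name.lower(),
-                        sub_obj._get_pk_val(), sub_obj), []])
+                        quote(sub_obj._get_pk_val()), escape(sub_obj)), []])
                 get_deleted_objects(deleted_objects, perms_needed, user, sub_obj, related.opts, current_depth+2)
         else:
             has_related_objs = False
@@ -54,7 +55,7 @@
                 else:
                     # Display a link to the admin page.
                     nh(deleted_objects, current_depth, [u'%s: <a href="../../../../%s/%s/%s/">%s</a>' % \
-                        (force_unicode(capfirst(related.opts.verbose_name)), related.opts.app_label, related.opts.object_name.lower(), sub_obj._get_pk_val(), escape(sub_obj)), []])
+                        (force_unicode(capfirst(related.opts.verbose_name)), related.opts.app_label, related.opts.object_name.lower(), quote(sub_obj._get_pk_val()), escape(sub_obj)), []])
                 get_deleted_objects(deleted_objects, perms_needed, user, sub_obj, related.opts, current_depth+2)
             # If there were related objects, and the user doesn't have
             # permission to delete them, add the missing perm to perms_needed.
@@ -87,7 +88,7 @@
                     nh(deleted_objects, current_depth, [
                         (_('One or more %(fieldname)s in %(name)s:') % {'fieldname': force_unicode(related.field.verbose_name), 'name': force_unicode(related.opts.verbose_name)}) + \
                         (u' <a href="../../../../%s/%s/%s/">%s</a>' % \
-                            (related.opts.app_label, related.opts.module_name, sub_obj._get_pk_val(), escape(sub_obj))), []])
+                            (related.opts.app_label, related.opts.module_name, quote(sub_obj._get_pk_val()), escape(sub_obj))), []])
         # If there were related objects, and the user doesn't have
         # permission to change them, add the missing perm to perms_needed.
         if related.opts.admin and has_related_objs: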
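Review bot: Each of the three link-building expressions in `get_deleted_objects` (the ones interpolating into `../../../../%s/%s/%s/`) repeats the `quote(...)` and `escape(...)` calls by hand, and the two places where this patch had to add a missing `escape(sub_obj)` show how easily one call site drifts from the others. A small private helper that builds the anchor would keep URL quoting and HTML escaping in one place; it needs `quote` in scope, which the patch currently imports inside the function. The `verbose_name` values are still interpolated into the markup unescaped; they are developer-supplied, but passing them through `escape()` as well would make the fragment safe regardless of their content. The function body continues outside every hunk shown.

```python
def _admin_link(app_label, model_name, obj):
    "Returns an <a> element for obj's admin page, with the pk quoted and the label escaped."
    return u'<a href="../../../../%s/%s/%s/">%s</a>' % (
        app_label, model_name, quote(obj._get_pk_val()), escape(obj))

# ... unchanged: get_deleted_objects up to the first "Display a link" branch ...
                    nh(deleted_objects, current_depth, [u'%s: %s' % (
                        force_unicode(capfirst(related.opts.verbose_name)),
                        _admin_link(related.opts.app_label, related.opts.object_name.lower(), sub_obj)), []])
# ... unchanged: the remaining branches, which would call _admin_link the same way ...
```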
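--- a/django/contrib/admin/views/main.py
+++ b/django/contrib/admin/views/main.py
@@ -43,12 +43,11 @@
     quoting is slightly different so that it doesn't get automatically
     unquoted by the Web browser.
     """
-    if type(s) != type(''):
-        return s
+    if not isinstance(s,basestring): return s
     res = list(s)
     for i in range(len(res)):
         c = res[i]
-        if c in ':/_':
+        if c in ':/_#?;@&=+$,"<>%':
             res[i] = '_%02X' % ord(c)
     return ''.join(res)
 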
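Review bot: The new condition `if c in ':/_#?;@&=+$,"<>%':` extends a blocklist, so any character that was not thought of still passes through unquoted (space, `'` and `\` among them), and the callers in this patch place the result inside `href` attributes. Quoting everything outside a small safe set is more robust, for example `if ord(c) < 128 and not (c.isalnum() or c in '-.~'):`, assuming `unquote` (not visible here) decodes any `_XX` pair. Restricting the test to ASCII keeps the two-digit `_%02X` form intact. The docstring should list what is quoted, and `if not isinstance(s,basestring): return s` reads better on two lines with a space after the comma. The start of `quote` is outside the hunk.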