diff --git a/django/contrib/admin/models.py b/django/contrib/admin/models.py index 23c8661..49ed868 100644 --- a/django/contrib/admin/models.py +++ b/django/contrib/admin/models.py @@ -4,6 +4,8 @@ from django.contrib.auth.models import User from django.utils.translation import ugettext_lazy as _ from django.utils.encoding import smart_unicode from django.utils.safestring import mark_safe +from django.utils.html import urlquote + ADDITION = 1 CHANGE = 2 @@ -41,6 +43,7 @@ class LogEntry(models.Model): def is_deletion(self): return self.action_flag == DELETION + def get_edited_object(self): "Returns the edited object represented by this log entry" return self.content_type.get_object_for_this_type(pk=self.object_id) @@ -50,4 +53,4 @@ class LogEntry(models.Model): Returns the admin URL to edit the object represented by this log entry. This is relative to the Django admin index page. """ - return mark_safe(u"%s/%s/%s/" % (self.content_type.app_label, self.content_type.model, self.object_id)) + return mark_safe(u"%s/%s/%s/" % (self.content_type.app_label, self.content_type.model, urlquote(self.object_id))) diff --git a/django/contrib/admin/templatetags/admin_list.py b/django/contrib/admin/templatetags/admin_list.py index 1757906..e025de9 100644 --- a/django/contrib/admin/templatetags/admin_list.py +++ b/django/contrib/admin/templatetags/admin_list.py @@ -4,7 +4,7 @@ from django.contrib.admin.views.main import ORDER_VAR, ORDER_TYPE_VAR, PAGE_VAR, from django.core.exceptions import ObjectDoesNotExist from django.db import models from django.utils import dateformat -from django.utils.html import escape, conditional_escape +from django.utils.html import escape, conditional_escape, urlquote from django.utils.text import capfirst from django.utils.safestring import mark_safe from django.utils.translation import get_date_formats, get_partial_date_formats, ugettext as _ @@ -194,8 +194,9 @@ def items_for_result(cl, result): # Convert the pk to something that can be used in Javascript. # Problem cases are long ints (23L) and non-ASCII strings. result_id = repr(force_unicode(getattr(result, pk)))[1:] + yield mark_safe(u'<%s%s>%s%s>' % \ - (table_tag, row_class, url, (cl.is_popup and ' onclick="opener.dismissRelatedLookupPopup(window, %s); return false;"' % result_id or ''), conditional_escape(result_repr), table_tag)) + (table_tag, row_class, urlquote(url), (cl.is_popup and ' onclick="opener.dismissRelatedLookupPopup(window, %s); return false;"' % result_id or ''), conditional_escape(result_repr), table_tag)) else: yield mark_safe(u'