Opened 18 years ago
Closed 16 years ago
#4074 closed (fixed)
admin interface filter.html does not encode url attributes properly
| Reported by: | Owned by: | nobody | |
|---|---|---|---|
| Component: | contrib.admin | Version: | newforms-admin |
| Severity: | Keywords: | ampersand filter | |
| Cc: | robert@… | Triage Stage: | Ready for checkin |
| Has patch: | yes | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
If you filter on a field that has a value that includes an ampersand when selecting that value to filter on it does not work.
The output of filter.html for an example
<li>
<a href="?title=Escapade%20-%20Adult%20Kayak%20&%20Snorkel,%20Northwest%20Maui">Escapade - Adult Kayak & Snorkel, Northwest Maui</a></li>
I tried using the urlencode filter, but it encodes the ? as well which causes it to fail also.
<a href="{{ choice.query_string|urlencode }}">{{ choice.display|escape }}</a></li>
If I change the following it works. I know this is not the right place.
In filter.html
change
<a href="{{ choice.query_string }}">{{ choice.display|escape }}</a></li>
to
<a href="{{ choice.query_string|fix_ampersands }}">{{ choice.display|escape }}</a></li>
in html.py
change
def fix_ampersands(value):
"Returns the given HTML with all unencoded ampersands encoded correctly"
return unencoded_ampersands_re.sub('&', value)
to
def fix_ampersands(value):
"Returns the given HTML with all unencoded ampersands encoded correctly"
return unencoded_ampersands_re.sub('%26', value)
Attachments (4)
Change History (12)
comment:1 by , 17 years ago
| Version: | new-admin → SVN |
|---|
by , 17 years ago
| Attachment: | django-4074-admin-querystring-quote.patch added |
|---|
by , 17 years ago
| Attachment: | django-4074-admin-querystring-quote2.patch added |
|---|
better unicode version
comment:2 by , 17 years ago
| Has patch: | set |
|---|
Not sure if this would be acceptable, but it's a patch which will make sure the querystring is more useable everywhere. It solves '&', and also a problem I have been having with '>' (which when used in another form confuses the CSRF substitution regexp!)
comment:3 by , 17 years ago
| Cc: | added |
|---|
comment:4 by , 17 years ago
| Patch needs improvement: | set |
|---|---|
| Summary: | admin interface filter.html does not encode & properly → admin interface filter.html does not encode url attributes properly |
| Triage Stage: | Unreviewed → Accepted |
by , 17 years ago
comment:5 by , 17 years ago
| Patch needs improvement: | unset |
|---|---|
| Triage Stage: | Accepted → Ready for checkin |
New patch (against SVN trunk, not newforms-admin branch) which fixes the issue at the core. I also added a small optimization.
The code in question hasn't changed in newforms, it may as well be fixed on trunk, yes?
comment:6 by , 16 years ago
| Triage Stage: | Ready for checkin → Accepted |
|---|---|
| Version: | SVN → newforms-admin |
Not worth fixing on trunk, since newforms-admin is so close. Pushing to the newforms-admin branch, though, so they can check it's been fixed over there.
comment:7 by , 16 years ago
| Triage Stage: | Accepted → Ready for checkin |
|---|
No, it hasn't been fixed in newforms-admin. Verified the problem and that the patch (rebased since the trunk version would not apply) fixes it.
comment:8 by , 16 years ago
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |
One way to patch it - saves lots of potential problems with the query string