Opened 17 years ago

Closed 16 years ago

Last modified 13 years ago

#6101 closed (fixed)

Seeing ", etc. in admin list of related object to be deleted

Reported by: Karen Tracey <kmtracey@…> Owned by: anonymous
Component: contrib.admin Version: newforms-admin
Severity: Keywords: autoescape nfa-someday
Cc: Triage Stage: Accepted
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

I'm seeing &quot;, etc. in the admin list of related objects to be deleted, when the related objects are edited inline and therefore do not have an associated link:

Are you sure you want to delete the puzzles "NYT Sat 2007-11-17"? All of the following related items will be deleted:

    * Puzzles: NYT Sat 2007-11-17
          o Clues: CAMPHOROIL: Liniment ingredient
          o Clues: MITA: Certain copier
          o Clues: UNITARIANS: Presidents Adams, Fillmore and Taft
          o Clues: APIN: &quot;... on the head of ____?&quot;

It looks like there's a missing mark_safe around where these items are created (after the object representation has been escaped) on line 57 here:

http://code.djangoproject.com/browser/django/branches/newforms-admin/django/contrib/admin/util.py#L57

I think it should be:

nh(deleted_objects, current_depth, [mark_safe(u'%s: %s' % (force_unicode(capfirst(related.opts.verbose_name)), escape(sub_obj))), []])

Making this change gets rid of the &quot;s I see in my list of related items to be deleted -- they display as quotes.

Hmm, I just noticed a few lines up (line 41) in the code for the OneToOne case that there seems to be a missing escape around sub_obj:

http://code.djangoproject.com/browser/django/branches/newforms-admin/django/contrib/admin/util.py#L41

Shouldn't that also be:

nh(deleted_objects, current_depth, [mark_safe(u'%s: %s' % (force_unicode(capfirst(related.opts.verbose_name)), escape(sub_obj))), []])

?

Change History (9)

comment:1 by Karen Tracey <kmtracey@…>, 17 years ago

Component: UncategorizedAdmin interface

comment:2 by Karen Tracey <kmtracey@…>, 17 years ago

The corresponding code in the trunk (located in a different place) seems to have the same problems here:

http://code.djangoproject.com/browser/django/trunk/django/contrib/admin/views/main.py#L457

and here:

http://code.djangoproject.com/browser/django/trunk/django/contrib/admin/views/main.py#L441

comment:3 by jdetaeye, 17 years ago

Ticket #5490 is a bit related: also the links to the objects being deleted are not escaped correctly...

comment:4 by Simon G <dev@…>, 17 years ago

Triage Stage: UnreviewedAccepted

jdetaeye - is this a dupe of #5490?

comment:5 by jdetaeye, 17 years ago

Simon G: No, it's not a duplicate. #5490 is slightly broader. This case is about escaping html characters, whereas #5490 also takes care about the encoding of urls.

comment:6 by Karen Tracey <kmtracey@…>, 17 years ago

Keywords: nfa-someday added
Owner: changed from nobody to anonymous
Status: newassigned

This display wart should not block the merge of newforms-admin to trunk, besides, the same problem exists on trunk too.

comment:7 by Karen Tracey <kmtracey@…>, 16 years ago

milestone: 1.0

Reported again in #8258. Marking 1.0 since it's a bug.

comment:8 by Malcolm Tredinnick, 16 years ago

Resolution: fixed
Status: assignedclosed

(In [8575]) Fixed #6101 -- Tweaked a couple of places in the delete-related-objects
collection for the admin so that auto-escaping can do the right thing: not too
many times, not too few. Thanks to Karen Tracey for debugging most of this.

comment:9 by Jacob, 13 years ago

milestone: 1.0

Milestone 1.0 deleted

Note: See TracTickets for help on using tickets.
Back to Top