Opened 8 years ago

Closed 7 years ago

Last modified 4 years ago

#6101 closed (fixed)

Seeing ", etc. in admin list of related object to be deleted

Reported by: Karen Tracey <kmtracey@…> Owned by: anonymous
Component: contrib.admin Version: newforms-admin
Severity: Keywords: autoescape nfa-someday
Cc: Triage Stage: Accepted
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: UI/UX:

Description

I'm seeing &quot;, etc. in the admin list of related objects to be deleted, when the related objects are edited inline and therefore do not have an associated link:

Are you sure you want to delete the puzzles "NYT Sat 2007-11-17"? All of the following related items will be deleted:

    * Puzzles: NYT Sat 2007-11-17
          o Clues: CAMPHOROIL: Liniment ingredient
          o Clues: MITA: Certain copier
          o Clues: UNITARIANS: Presidents Adams, Fillmore and Taft
          o Clues: APIN: &quot;... on the head of ____?&quot;

It looks like there's a missing mark_safe around where these items are created (after the object representation has been escaped) on line 57 here:

http://code.djangoproject.com/browser/django/branches/newforms-admin/django/contrib/admin/util.py#L57

I think it should be:

nh(deleted_objects, current_depth, [mark_safe(u'%s: %s' % (force_unicode(capfirst(related.opts.verbose_name)), escape(sub_obj))), []])

Making this change gets rid of the &quot;s I see in my list of related items to be deleted -- they display as quotes.

Hmm, I just noticed a few lines up (line 41) in the code for the OneToOne case that there seems to be a missing escape around sub_obj:

http://code.djangoproject.com/browser/django/branches/newforms-admin/django/contrib/admin/util.py#L41

Shouldn't that also be:

nh(deleted_objects, current_depth, [mark_safe(u'%s: %s' % (force_unicode(capfirst(related.opts.verbose_name)), escape(sub_obj))), []])

?

Change History (9)

comment:1 Changed 8 years ago by Karen Tracey <kmtracey@…>

  • Component changed from Uncategorized to Admin interface
  • Needs documentation unset
  • Needs tests unset
  • Patch needs improvement unset

comment:2 Changed 8 years ago by Karen Tracey <kmtracey@…>

comment:3 Changed 8 years ago by jdetaeye

Ticket #5490 is a bit related: also the links to the objects being deleted are not escaped correctly...

comment:4 Changed 8 years ago by Simon G <dev@…>

  • Triage Stage changed from Unreviewed to Accepted

jdetaeye - is this a dupe of #5490?

comment:5 Changed 8 years ago by jdetaeye

Simon G: No, it's not a duplicate. #5490 is slightly broader. This case is about escaping html characters, whereas #5490 also takes care about the encoding of urls.

comment:6 Changed 8 years ago by Karen Tracey <kmtracey@…>

  • Keywords nfa-someday added
  • Owner changed from nobody to anonymous
  • Status changed from new to assigned

This display wart should not block the merge of newforms-admin to trunk, besides, the same problem exists on trunk too.

comment:7 Changed 7 years ago by Karen Tracey <kmtracey@…>

  • milestone set to 1.0

Reported again in #8258. Marking 1.0 since it's a bug.

comment:8 Changed 7 years ago by mtredinnick

  • Resolution set to fixed
  • Status changed from assigned to closed

(In [8575]) Fixed #6101 -- Tweaked a couple of places in the delete-related-objects
collection for the admin so that auto-escaping can do the right thing: not too
many times, not too few. Thanks to Karen Tracey for debugging most of this.

comment:9 Changed 4 years ago by jacob

  • milestone 1.0 deleted

Milestone 1.0 deleted

Note: See TracTickets for help on using tickets.
Back to Top