mirror of
https://github.com/django/django.git
synced 2025-10-24 14:16:09 +00:00
Fixed #1375: primary_key values with "bad" characters are now escaped in the admin; thanks, Malcom Tredinnick
git-svn-id: http://code.djangoproject.com/svn/django/branches/magic-removal@2418 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
@@ -42,6 +42,43 @@ use_raw_id_admin = lambda field: isinstance(field.rel, (models.ManyToOne, models
|
||||
class IncorrectLookupParameters(Exception):
|
||||
pass
|
||||
|
||||
def quote(s):
|
||||
"""
|
||||
Ensure that primary key values do not confuse the admin URLs by escaping
|
||||
any '/', '_' and ':' characters. Similar to urllib.quote, except that the
|
||||
quoting is slightly different so that it doesn't get autoamtically
|
||||
unquoted by the web browser.
|
||||
"""
|
||||
if type(s) != type(''):
|
||||
return s
|
||||
res = list(s)
|
||||
for i in range(len(res)):
|
||||
c = res[i]
|
||||
if c in ':/_':
|
||||
res[i] = '_%02X' % ord(c)
|
||||
return ''.join(res)
|
||||
|
||||
def unquote(s):
|
||||
"""
|
||||
Undo the effects of quote(). Based heavily on urllib.unquote().
|
||||
"""
|
||||
mychr = chr
|
||||
myatoi = int
|
||||
list = s.split('_')
|
||||
res = [list[0]]
|
||||
myappend = res.append
|
||||
del list[0]
|
||||
for item in list:
|
||||
if item[1:2]:
|
||||
try:
|
||||
myappend(mychr(myatoi(item[:2], 16))
|
||||
+ item[2:])
|
||||
except ValueError:
|
||||
myappend('_' + item)
|
||||
else:
|
||||
myappend('_' + item)
|
||||
return "".join(res)
|
||||
|
||||
def get_javascript_imports(opts, auto_populated_fields, field_sets):
|
||||
# Put in any necessary JavaScript imports.
|
||||
js = ['js/core.js', 'js/admin/RelatedObjectLookups.js']
|
||||
@@ -252,6 +289,7 @@ add_stage = staff_member_required(add_stage)
|
||||
|
||||
def change_stage(request, app_label, model_name, object_id):
|
||||
model = models.get_model(app_label, model_name)
|
||||
object_id = unquote(object_id)
|
||||
if model is None:
|
||||
raise Http404, "App %r, model %r, not found" % (app_label, model_name)
|
||||
opts = model._meta
|
||||
@@ -435,6 +473,7 @@ def _get_deleted_objects(deleted_objects, perms_needed, user, obj, opts, current
|
||||
def delete_stage(request, app_label, model_name, object_id):
|
||||
import sets
|
||||
model = models.get_model(app_label, model_name)
|
||||
object_id = unquote(object_id)
|
||||
if model is None:
|
||||
raise Http404, "App %r, model %r, not found" % (app_label, model_name)
|
||||
opts = model._meta
|
||||
@@ -470,6 +509,7 @@ delete_stage = staff_member_required(delete_stage)
|
||||
|
||||
def history(request, app_label, model_name, object_id):
|
||||
model = models.get_model(app_label, model_name)
|
||||
object_id = unquote(object_id)
|
||||
if model is None:
|
||||
raise Http404, "App %r, model %r, not found" % (app_label, model_name)
|
||||
action_list = LogEntry.objects.filter(object_id=object_id,
|
||||
@@ -663,7 +703,7 @@ class ChangeList(object):
|
||||
return qs
|
||||
|
||||
def url_for_result(self, result):
|
||||
return "%s/" % getattr(result, self.pk_attname)
|
||||
return "%s/" % quote(getattr(result, self.pk_attname))
|
||||
|
||||
def change_list(request, app_label, model_name):
|
||||
model = models.get_model(app_label, model_name)
|
||||
|
Reference in New Issue
Block a user