	Fixed #22266 - quote PK before redirecting away from add_view (django.contrib.admin)
		
				
					committed by
					
						 Russell Keith-Magee
						Russell Keith-Magee
					
				
			
			
				
	
			
			
			
						parent
						
							e7ffba8f78
						
					
				
				
					commit
					ebd70d4d00
				
			| @@ -11,7 +11,7 @@ from django.contrib.admin import widgets, helpers | |||||||
| from django.contrib.admin import validation | from django.contrib.admin import validation | ||||||
| from django.contrib.admin.checks import (BaseModelAdminChecks, ModelAdminChecks, | from django.contrib.admin.checks import (BaseModelAdminChecks, ModelAdminChecks, | ||||||
|     InlineModelAdminChecks) |     InlineModelAdminChecks) | ||||||
| from django.contrib.admin.utils import (unquote, flatten_fieldsets, | from django.contrib.admin.utils import (quote, unquote, flatten_fieldsets, | ||||||
|     get_deleted_objects, model_format_dict, NestedObjects, |     get_deleted_objects, model_format_dict, NestedObjects, | ||||||
|     lookup_needs_distinct) |     lookup_needs_distinct) | ||||||
| from django.contrib.admin.templatetags.admin_static import static | from django.contrib.admin.templatetags.admin_static import static | ||||||
| @@ -1099,7 +1099,7 @@ class ModelAdmin(BaseModelAdmin): | |||||||
|             if post_url_continue is None: |             if post_url_continue is None: | ||||||
|                 post_url_continue = reverse('admin:%s_%s_change' % |                 post_url_continue = reverse('admin:%s_%s_change' % | ||||||
|                                             (opts.app_label, opts.model_name), |                                             (opts.app_label, opts.model_name), | ||||||
|                                             args=(pk_value,), |                                             args=(quote(pk_value),), | ||||||
|                                             current_app=self.admin_site.name) |                                             current_app=self.admin_site.name) | ||||||
|             post_url_continue = add_preserved_filters({'preserved_filters': preserved_filters, 'opts': opts}, post_url_continue) |             post_url_continue = add_preserved_filters({'preserved_filters': preserved_filters, 'opts': opts}, post_url_continue) | ||||||
|             return HttpResponseRedirect(post_url_continue) |             return HttpResponseRedirect(post_url_continue) | ||||||
|   | |||||||
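Review bot: The `quote(pk_value)` call in the `reverse()` arguments has no comment explaining why it is needed, and the reason matters for security. The change-view URL embeds the primary key as a path segment, so an unquoted key such as `123/history` would likely resolve to a different admin view than the one intended. I would add `# quote() the PK so characters like '/' or '_' cannot alter which admin URL the redirect resolves to` above the `args=` line. The quoting applies only when `post_url_continue is None`; a caller-supplied URL passes through unchanged, so the caller is presumably expected to quote the key itself, which is worth stating in the method's docstring. The enclosing method starts and ends outside the hunk.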
| @@ -1777,6 +1777,30 @@ class AdminViewStringPrimaryKeyTest(TestCase): | |||||||
|             args=(quote(self.pk),)) |             args=(quote(self.pk),)) | ||||||
|         self.assertContains(response, '<a href="%s" class="historylink"' % expected_link) |         self.assertContains(response, '<a href="%s" class="historylink"' % expected_link) | ||||||
|  |  | ||||||
|  |     def test_redirect_on_add_view_continue_button(self): | ||||||
|  |         """As soon as an object is added using "Save and continue editing" | ||||||
|  |         button, the user should be redirected to the object's change_view. | ||||||
|  |  | ||||||
|  |         In case primary key is a string containing some special characters | ||||||
|  |         like slash or underscore, these characters must be escaped (see #22266) | ||||||
|  |         """ | ||||||
|  |         response = self.client.post( | ||||||
|  |             '/test_admin/admin/admin_views/modelwithstringprimarykey/add/', | ||||||
|  |             { | ||||||
|  |                 'string_pk': '123/history', | ||||||
|  |                 "_continue": "1",  # Save and continue editing | ||||||
|  |             } | ||||||
|  |         ) | ||||||
|  |  | ||||||
|  |         self.assertEqual(response.status_code, 302)  # temporary redirect | ||||||
|  |         self.assertEqual( | ||||||
|  |             response['location'], | ||||||
|  |             ( | ||||||
|  |                 'http://testserver/test_admin/admin/admin_views/' | ||||||
|  |                 'modelwithstringprimarykey/123_2Fhistory/'  # PK is quoted | ||||||
|  |             ) | ||||||
|  |         ) | ||||||
|  |  | ||||||
|  |  | ||||||
| @override_settings(PASSWORD_HASHERS=('django.contrib.auth.hashers.SHA1PasswordHasher',), | @override_settings(PASSWORD_HASHERS=('django.contrib.auth.hashers.SHA1PasswordHasher',), | ||||||
|     ROOT_URLCONF="admin_views.urls") |     ROOT_URLCONF="admin_views.urls") | ||||||
|   | |||||||
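Review bot: `test_redirect_on_add_view_continue_button` exercises only the slash case (`'string_pk': '123/history'`), although its docstring also names the underscore, which is the escape character `quote()` itself uses. A second POST with a key such as `'123_history'`, expected in the location as `123_5Fhistory`, would pin that a literal underscore is escaped too and cannot be read as an escape sequence when the change view unquotes it. The expected location is also hard-coded as a full `http://testserver/...` string. Building it with `reverse(..., args=(quote(pk),))`, as the preceding test appears to do, would keep the assertion in step with the URL configuration.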