1
0
mirror of https://github.com/django/django.git synced 2025-10-26 07:06:08 +00:00

Fixed #22266 - quote PK before redirecting away from add_view (django.contrib.admin)

This commit is contained in:
Stas Rudakou
2014-05-16 18:56:25 +03:00
committed by Russell Keith-Magee
parent e7ffba8f78
commit ebd70d4d00
2 changed files with 26 additions and 2 deletions

View File

@@ -11,7 +11,7 @@ from django.contrib.admin import widgets, helpers
from django.contrib.admin import validation
from django.contrib.admin.checks import (BaseModelAdminChecks, ModelAdminChecks,
InlineModelAdminChecks)
from django.contrib.admin.utils import (unquote, flatten_fieldsets,
from django.contrib.admin.utils import (quote, unquote, flatten_fieldsets,
get_deleted_objects, model_format_dict, NestedObjects,
lookup_needs_distinct)
from django.contrib.admin.templatetags.admin_static import static
@@ -1099,7 +1099,7 @@ class ModelAdmin(BaseModelAdmin):
if post_url_continue is None:
post_url_continue = reverse('admin:%s_%s_change' %
(opts.app_label, opts.model_name),
args=(pk_value,),
args=(quote(pk_value),),
current_app=self.admin_site.name)
post_url_continue = add_preserved_filters({'preserved_filters': preserved_filters, 'opts': opts}, post_url_continue)
return HttpResponseRedirect(post_url_continue)

View File

@@ -1777,6 +1777,30 @@ class AdminViewStringPrimaryKeyTest(TestCase):
args=(quote(self.pk),))
self.assertContains(response, '<a href="%s" class="historylink"' % expected_link)
def test_redirect_on_add_view_continue_button(self):
"""As soon as an object is added using "Save and continue editing"
button, the user should be redirected to the object's change_view.
In case primary key is a string containing some special characters
like slash or underscore, these characters must be escaped (see #22266)
"""
response = self.client.post(
'/test_admin/admin/admin_views/modelwithstringprimarykey/add/',
{
'string_pk': '123/history',
"_continue": "1", # Save and continue editing
}
)
self.assertEqual(response.status_code, 302) # temporary redirect
self.assertEqual(
response['location'],
(
'http://testserver/test_admin/admin/admin_views/'
'modelwithstringprimarykey/123_2Fhistory/' # PK is quoted
)
)
@override_settings(PASSWORD_HASHERS=('django.contrib.auth.hashers.SHA1PasswordHasher',),
ROOT_URLCONF="admin_views.urls")