From f15ce2d82018f19130d2d9d350a4f910351b6eab Mon Sep 17 00:00:00 2001 From: Adrian Holovaty Date: Sun, 15 Jan 2006 06:30:21 +0000 Subject: [PATCH] magic-removal: Merged to [1982] git-svn-id: http://code.djangoproject.com/svn/django/branches/magic-removal@1983 bcc190cf-cafb-0310-a4f2-bffc1f526a37 --- django/contrib/admin/templatetags/admin_list.py | 6 +++--- django/contrib/admin/views/main.py | 2 +- django/contrib/admin/views/stages/delete.py | 12 ++++++------ 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/django/contrib/admin/templatetags/admin_list.py b/django/contrib/admin/templatetags/admin_list.py index 280a1922c7..8bc956154c 100644 --- a/django/contrib/admin/templatetags/admin_list.py +++ b/django/contrib/admin/templatetags/admin_list.py @@ -5,7 +5,7 @@ from django import template from django.core.exceptions import ObjectDoesNotExist from django.db import models from django.utils import dateformat -from django.utils.html import strip_tags, escape +from django.utils.html import escape from django.utils.text import capfirst from django.utils.translation import get_date_formats from django.conf.settings import ADMIN_MEDIA_PREFIX @@ -123,7 +123,7 @@ def items_for_result(cl, result): # Strip HTML tags in the resulting text, except if the # function has an "allow_tags" attribute set to True. if not getattr(func, 'allow_tags', False): - result_repr = strip_tags(result_repr) + result_repr = escape(result_repr) else: field_val = getattr(result, f.attname) @@ -164,7 +164,7 @@ def items_for_result(cl, result): elif f.choices: result_repr = dict(f.choices).get(field_val, EMPTY_CHANGELIST_VALUE) else: - result_repr = strip_tags(str(field_val)) + result_repr = escape(str(field_val)) if result_repr == '': result_repr = ' ' if first: # First column is a special case diff --git a/django/contrib/admin/views/main.py b/django/contrib/admin/views/main.py index 3314dd3c69..bb2bd0bba9 100644 --- a/django/contrib/admin/views/main.py +++ b/django/contrib/admin/views/main.py @@ -9,7 +9,7 @@ from django.core.exceptions import ImproperlyConfigured, ObjectDoesNotExist, Per from django.template import RequestContext as Context from django.core.extensions import get_object_or_404, render_to_response from django.utils import dateformat -from django.utils.html import escape, strip_tags +from django.utils.html import escape from django.http import HttpResponse, HttpResponseRedirect from django.utils.text import capfirst, get_text_list import operator diff --git a/django/contrib/admin/views/stages/delete.py b/django/contrib/admin/views/stages/delete.py index 80fb0a8f7b..84a450b6e7 100644 --- a/django/contrib/admin/views/stages/delete.py +++ b/django/contrib/admin/views/stages/delete.py @@ -3,7 +3,7 @@ from django.contrib.admin.views.main import get_model_and_app from django.core.extensions import get_object_or_404,render_to_response from django.template import RequestContext as Context from django.utils.text import capfirst -from django.utils.html import escape, strip_tags +from django.utils.html import escape from django.db import models try: from django.contrib.admin.models import LogEntry, ADDITION, CHANGE, DELETION @@ -57,11 +57,11 @@ def _get_deleted_objects(deleted_objects, perms_needed, user, obj, opts, current if related.field.rel.edit_inline or not related.opts.admin: # Don't display link to edit, because it either has no # admin or is edited inline. - nh(deleted_objects, current_depth, ['%s: %s' % (capfirst(related.opts.verbose_name), strip_tags(str(sub_obj))), []]) + nh(deleted_objects, current_depth, ['%s: %s' % (capfirst(related.opts.verbose_name), escape(str(sub_obj))), []]) else: # Display a link to the admin page. nh(deleted_objects, current_depth, ['%s: %s' % \ - (capfirst(related.opts.verbose_name), related.opts.app_label, related.opts.module_name, getattr(sub_obj, related.opts.pk.attname), strip_tags(str(sub_obj))), []]) + (capfirst(related.opts.verbose_name), related.opts.app_label, related.opts.module_name, getattr(sub_obj, related.opts.pk.attname), escape(str(sub_obj))), []]) _get_deleted_objects(deleted_objects, perms_needed, user, sub_obj, related.opts, current_depth+2) # If there were related objects, and the user doesn't have # permission to delete them, add the missing perm to perms_needed. @@ -81,13 +81,13 @@ def _get_deleted_objects(deleted_objects, perms_needed, user, obj, opts, current # Don't display link to edit, because it either has no # admin or is edited inline. nh(deleted_objects, current_depth, [_('One or more %(fieldname)s in %(name)s: %(obj)s') % \ - {'fieldname': related.field.name, 'name': related.opts.verbose_name, 'obj': strip_tags(str(sub_obj))}, []]) + {'fieldname': related.field.name, 'name': related.opts.verbose_name, 'obj': escape(str(sub_obj))}, []]) else: # Display a link to the admin page. nh(deleted_objects, current_depth, [ (_('One or more %(fieldname)s in %(name)s:') % {'fieldname': related.field.name, 'name':related.opts.verbose_name}) + \ (' %s' % \ - (related.opts.app_label, related.opts.module_name, getattr(sub_obj, related.opts.pk.attname), strip_tags(str(sub_obj)))), []]) + (related.opts.app_label, related.opts.module_name, getattr(sub_obj, related.opts.pk.attname), escape(str(sub_obj)))), []]) # If there were related objects, and the user doesn't have # permission to change them, add the missing perm to perms_needed. if related.opts.admin and has_related_objs: @@ -106,7 +106,7 @@ def delete_stage(request, path, object_id): # Populate deleted_objects, a data structure of all related objects that # will also be deleted. - deleted_objects = ['%s: %s' % (capfirst(opts.verbose_name), object_id, strip_tags(str(obj))), []] + deleted_objects = ['%s: %s' % (capfirst(opts.verbose_name), object_id, escape(str(obj))), []] perms_needed = sets.Set() _get_deleted_objects(deleted_objects, perms_needed, request.user, obj, opts, 1)