mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-07-04 09:49:12 +00:00
Code Issues 32 Releases Wiki Activity

newforms-admin: Fixed #6722. Admin widgets are now marked safe.

Browse Source 
git-svn-id: http://code.djangoproject.com/svn/django/branches/newforms-admin@6782 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
Joseph Kocherhans 2007-11-30 20:55:26 +00:00
parent 17dbd788b3
commit fcb30a11d8
6 changed files with 51 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
django/contrib/admin/options.py
View File

@ -101,7 +101,7 @@ class Fieldline(object):
yield AdminField(self.form, field, is_first=(i == 0))
def errors(self):
return u'\n'.join([self.form[f].errors.as_ul() for f in self.fields])
return mark_safe(u'\n'.join([self.form[f].errors.as_ul() for f in self.fields]))
class AdminField(object):
def __init__(self, form, field, is_first):

6
django/contrib/admin/templatetags/admin_list.py
View File

@ -114,7 +114,7 @@ def result_headers(cl):
yield {"text": header,
"sortable": True,
"url": cl.get_query_string({ORDER_VAR: i, ORDER_TYPE_VAR: new_order_type}),
"class_attrib": (th_classes and ' class="%s"' % ' '.join(th_classes) or '')}
"class_attrib": mark_safe((th_classes and ' class="%s"' % ' '.join(th_classes) or ''))}
def _boolean_icon(field_val):
BOOLEAN_MAPPING = {True: 'yes', False: 'no', None: 'unknown'}
@ -148,8 +148,6 @@ def items_for_result(cl, result):
# function has an "allow_tags" attribute set to True.
if not allow_tags:
result_repr = escape(result_repr)
else:
result_repr = mark_safe(result_repr)
else:
field_val = getattr(result, f.attname)
@ -187,7 +185,7 @@ def items_for_result(cl, result):
else:
result_repr = escape(field_val)
if force_unicode(result_repr) == '':
result_repr = mark_safe(' ')
result_repr = ' '
# If list_display_links not defined, add the link tag to the first field
if (first and not cl.list_display_links) or field_name in cl.list_display_links:
table_tag = {True:'th', False:'td'}[first]

5
django/contrib/admin/tests/__init__.py Normal file
View File

@ -0,0 +1,5 @@
from django.contrib.admin.tests import widgets
__test__ = {
'WIDGET_TESTS': widgets,
}

35
django/contrib/admin/tests/widgets.py Normal file
View File

@ -0,0 +1,35 @@
"""
>>> from datetime import datetime
>>> from django.utils.html import escape, conditional_escape
>>> from django.contrib.admin.widgets import FilteredSelectMultiple, AdminSplitDateTime
>>> from django.contrib.admin.widgets import AdminFileWidget, ForeignKeyRawIdWidget
>>> from django.contrib.admin.widgets import RelatedFieldWidgetWrapper
>>> from django.contrib.admin.models import LogEntry
Calling conditional_escape on the output of widget.render will simulate what
happens in the template. This is easier than setting up a template and context
for each test.
Make sure that the Admin widgets render properly, that is, without their extra
HTML escaped.
>>> w = FilteredSelectMultiple('test', False)
>>> print conditional_escape(w.render('test', 'test'))
<select multiple="multiple" name="test">
</select><script type="text/javascript">addEvent(window, "load", function(e) {SelectFilter.init("id_test", "test", 0, "/media/"); });</script>
<BLANKLINE>
>>> w = AdminSplitDateTime()
>>> print conditional_escape(w.render('test', datetime(2007, 12, 1, 9, 30)))
<p class="datetime">Date: <input value="2007-12-01" type="text" class="vDateField" name="test_0" size="10" /><br />Time: <input value="09:30:00" type="text" class="vTimeField" name="test_1" size="8" /></p>
>>> w = AdminFileWidget()
>>> print conditional_escape(w.render('test', 'test'))
Currently: <a target="_blank" href="test">test</a> <br>Change: <input type="file" name="test" />
>>> rel = LogEntry._meta.get_field('user').rel
>>> w = ForeignKeyRawIdWidget(rel)
>>> print conditional_escape(w.render('test', 'test', attrs={}))
<input type="text" name="test" value="test" class="vForeignKeyRawIdAdminField" /><a href="../../../auth/user/" class="related-lookup" id="lookup_id_test" onclick="return showRelatedObjectLookupPopup(this);"> <img src="/media/img/admin/selector-search.gif" width="16" height="16" alt="Lookup"></a>
"""

1
django/contrib/admin/views/main.py
View File

@ -10,6 +10,7 @@ from django.db.models.query import handle_legacy_orderlist, QuerySet
from django.http import Http404
from django.utils.encoding import force_unicode, smart_str
from django.utils.translation import ugettext
from django.utils.safestring import mark_safe
import operator
try:

13
django/contrib/admin/widgets.py
View File

@ -6,6 +6,7 @@ from django import newforms as forms
from django.utils.datastructures import MultiValueDict
from django.utils.text import capfirst
from django.utils.translation import ugettext as _
from django.utils.safestring import mark_safe
from django.conf import settings
class FilteredSelectMultiple(forms.SelectMultiple):
@ -28,7 +29,7 @@ class FilteredSelectMultiple(forms.SelectMultiple):
# API to determine the ID dynamically.
output.append(u'SelectFilter.init("id_%s", "%s", %s, "%s"); });</script>\n' % \
(name, self.verbose_name.replace('"', '\\"'), int(self.is_stacked), settings.ADMIN_MEDIA_PREFIX))
return u''.join(output)
return mark_safe(u''.join(output))
class AdminDateWidget(forms.TextInput):
class Media:
@ -57,8 +58,8 @@ class AdminSplitDateTime(forms.SplitDateTimeWidget):
forms.MultiWidget.__init__(self, widgets, attrs)
def format_output(self, rendered_widgets):
return u'<p class="datetime">%s %s<br />%s %s</p>' % \
(_('Date:'), rendered_widgets[0], _('Time:'), rendered_widgets[1])
return mark_safe(u'<p class="datetime">%s %s<br />%s %s</p>' % \
(_('Date:'), rendered_widgets[0], _('Time:'), rendered_widgets[1]))
class AdminFileWidget(forms.FileInput):
"""
@ -73,7 +74,7 @@ class AdminFileWidget(forms.FileInput):
if value:
output.append('Currently: <a target="_blank" href="%s%s">%s</a> <br>Change: ' % (settings.MEDIA_URL, value, value))
output.append(super(AdminFileWidget, self).render(name, value, attrs))
return u''.join(output)
return mark_safe(u''.join(output))
class ForeignKeyRawIdWidget(forms.TextInput):
"""
@ -99,7 +100,7 @@ class ForeignKeyRawIdWidget(forms.TextInput):
output.append('<a href="%s%s" class="related-lookup" id="lookup_id_%s" onclick="return showRelatedObjectLookupPopup(this);"> ' % \
(related_url, url, name))
output.append('<img src="%simg/admin/selector-search.gif" width="16" height="16" alt="Lookup"></a>' % settings.ADMIN_MEDIA_PREFIX)
return u''.join(output)
return mark_safe(u''.join(output))
#if self.change: # TODO
#output.append('&nbsp;<strong>TODO</strong>')
@ -148,7 +149,7 @@ class RelatedFieldWidgetWrapper(object):
output.append(u'<a href="%sadd/" class="add-another" id="add_id_%s" onclick="return showAddAnotherPopup(this);"> ' % \
(related_url, name))
output.append(u'<img src="%simg/admin/icon_addlink.gif" width="10" height="10" alt="Add Another"/></a>' % settings.ADMIN_MEDIA_PREFIX)
return u''.join(output)
return mark_safe(u''.join(output))
def __deepcopy__(self, memo):
# There's no reason to deepcopy admin_site, etc, so just return self.