Author: lukeplant
Date: 2009-09-11 04:42:17 -0500 (Fri, 11 Sep 2009)
New Revision: 11497

Modified:
   django/trunk/django/contrib/admin/templatetags/admin_list.py
   django/trunk/django/contrib/admin/widgets.py
Log:
Fixed #11502 - wrong escaping in admin.
 
Thanks Tomasz Elendt.


Modified: django/trunk/django/contrib/admin/templatetags/admin_list.py
===================================================================
--- django/trunk/django/contrib/admin/templatetags/admin_list.py        
2009-09-11 09:08:07 UTC (rev 11496)
+++ django/trunk/django/contrib/admin/templatetags/admin_list.py        
2009-09-11 09:42:17 UTC (rev 11497)
@@ -265,7 +265,7 @@
         day_lookup = cl.params.get(day_field)
         year_month_format, month_day_format = get_partial_date_formats()
 
-        link = lambda d: mark_safe(cl.get_query_string(d, [field_generic]))
+        link = lambda d: cl.get_query_string(d, [field_generic])
 
         if year_lookup and month_lookup and day_lookup:
             day = datetime.date(int(year_lookup), int(month_lookup), 
int(day_lookup))
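Review bot: With `mark_safe` dropped from the `link` lambda, whether these date-hierarchy links come out escaped exactly once depends on what `cl.get_query_string` returns and on the template that renders them, and neither is visible in this hunk. If `get_query_string` marks its own result safe, this change leaves the output as it was; if it returns a plain string, template autoescaping now applies, which is presumably the intent. A comment above the lambda would keep a later edit from re-adding the wrapper, for example `# Deliberately not mark_safe(): leave the query string to template autoescaping.` The enclosing function starts and ends outside the hunk.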

Modified: django/trunk/django/contrib/admin/widgets.py
===================================================================
--- django/trunk/django/contrib/admin/widgets.py        2009-09-11 09:08:07 UTC 
(rev 11496)
+++ django/trunk/django/contrib/admin/widgets.py        2009-09-11 09:42:17 UTC 
(rev 11497)
@@ -7,6 +7,7 @@
 from django import forms
 from django.forms.widgets import RadioFieldRenderer
 from django.forms.util import flatatt
+from django.utils.html import escape
 from django.utils.text import truncate_words
 from django.utils.translation import ugettext as _
 from django.utils.safestring import mark_safe
@@ -148,7 +149,7 @@
     def label_for_value(self, value):
         key = self.rel.get_related_field().name
         obj = self.rel.to._default_manager.get(**{key: value})
-        return '&nbsp;<strong>%s</strong>' % truncate_words(obj, 14)
+        return '&nbsp;<strong>%s</strong>' % escape(truncate_words(obj, 14))
 
 class ManyToManyRawIdWidget(ForeignKeyRawIdWidget):
     """
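Review bot: `label_for_value` returns a hand-built HTML fragment, but nothing documents which part of it is escaped, and the commit modifies only the two source files listed, so no test pins the new behaviour. A docstring along the lines of `"""Return an HTML fragment naming the related object; the object's text is HTML-escaped, the surrounding markup is literal."""` would make the contract explicit for whoever marks the result safe, which happens outside this hunk. A regression test that renders the widget for an object whose string form contains `<` and `&` would keep the `escape()` call from being dropped again. Separately, the `.get(**{key: value})` lookup two lines above has no handling for a missing or malformed `value`; if `value` can come from submitted form data, that deserves its own guard.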

