Fixed #4971 -- Fixed some escaping and quoting problems in the databrowse contrib app. Based on patch from Johann Queuniet.

gdub · gdub · commit 29078eaeca62 · 2007-07-26T05:01:53.000Z
git-svn-id: http://code.djangoproject.com/svn/django/trunk@5764 bcc190cf-cafb-0310-a4f2-bffc1f526a37
diff --git a/AUTHORS b/AUTHORS
@@ -214,6 +214,7 @@ answer newbie questions, and generally made Django that much better:
     plisk
     Daniel Poelzleithner <http://poelzi.org/>
     polpak@yahoo.com
+    Johann Queuniet <johann.queuniet@adh.naellia.eu>
     J. Rademaker
     Michael Radziej <mir@noris.de>
     Ramiro Morales <rm0@gmx.net>
diff --git a/django/contrib/databrowse/plugins/fieldchoices.py b/django/contrib/databrowse/plugins/fieldchoices.py
@@ -37,9 +37,10 @@ def model_index_html(self, request, model, site):
 
     def urls(self, plugin_name, easy_instance_field):
         if easy_instance_field.field in self.field_dict(easy_instance_field.model.model).values():
+            field_value = smart_str(easy_instance_field.raw_value)
             return [u'%s%s/%s/%s/' % (easy_instance_field.model.url(),
                 plugin_name, easy_instance_field.field.name,
-                urllib.quote(smart_str(easy_instance_field.raw_value)))]
+                urllib.quote(field_value, safe=''))]
 
     def model_view(self, request, model_databrowse, url):
         self.model, self.site = model_databrowse.model, model_databrowse.site
diff --git a/django/contrib/databrowse/templates/databrowse/calendar_day.html b/django/contrib/databrowse/templates/databrowse/calendar_day.html
@@ -10,7 +10,7 @@ <h1>{{ model.verbose_name_plural|capfirst }} with {{ field.verbose_name }} on {{
 
 <ul class="objectlist">
 {% for object in object_list %}
-<li class="{% cycle odd,even %}"><a href="{{ object.url }}">{{ object }}</a></li>
+<li class="{% cycle odd,even %}"><a href="{{ object.url }}">{{ object|escape }}</a></li>
 {% endfor %}
 </ul>
 
diff --git a/django/contrib/databrowse/templates/databrowse/calendar_month.html b/django/contrib/databrowse/templates/databrowse/calendar_month.html
@@ -10,7 +10,7 @@ <h1>{{ model.verbose_name_plural|capfirst }} with {{ field.verbose_name }} in {{
 
 <ul class="objectlist">
 {% for object in object_list %}
-<li class="{% cycle odd,even %}"><a href="{{ object.url }}">{{ object }}</a></li>
+<li class="{% cycle odd,even %}"><a href="{{ object.url }}">{{ object|escape }}</a></li>
 {% endfor %}
 </ul>
 
diff --git a/django/contrib/databrowse/templates/databrowse/choice_detail.html b/django/contrib/databrowse/templates/databrowse/choice_detail.html
@@ -10,7 +10,7 @@ <h1>{{ model.verbose_name_plural|capfirst }} by {{ field.field.verbose_name }}:
 
 <ul class="objectlist">
 {% for object in object_list %}
-<li class="{% cycle odd,even %}"><a href="{{ object.url }}">{{ object }}</a></li>
+<li class="{% cycle odd,even %}"><a href="{{ object.url }}">{{ object|escape }}</a></li>
 {% endfor %}
 </ul>
 
diff --git a/django/contrib/databrowse/templates/databrowse/choice_list.html b/django/contrib/databrowse/templates/databrowse/choice_list.html
@@ -10,7 +10,7 @@ <h1>{{ model.verbose_name_plural|capfirst }} by {{ field.field.verbose_name }}</
 
 <ul class="objectlist">
 {% for choice in field.choices %}
-<li class="{% cycle odd,even %}"><a href="{{ choice.url }}">{{ choice.label }}</a></li>
+<li class="{% cycle odd,even %}"><a href="{{ choice.url }}">{{ choice.label|escape }}</a></li>
 {% endfor %}
 </ul>
 
diff --git a/django/contrib/databrowse/templates/databrowse/homepage.html b/django/contrib/databrowse/templates/databrowse/homepage.html
@@ -11,7 +11,7 @@
 	  <h2><a href="{{ model.url }}">{{ model.verbose_name_plural|capfirst }}</a></h2>
 		<p>
 		{% for object in model.sample_objects %}
-			<a href="{{ object.url }}">{{ object }}</a>, 
+			<a href="{{ object.url }}">{{ object|escape }}</a>, 
 		{% endfor %}
 			<a class="more" href="{{ model.url }}">More &rarr;</a>
 		</p>
diff --git a/django/contrib/databrowse/templates/databrowse/model_detail.html b/django/contrib/databrowse/templates/databrowse/model_detail.html
@@ -12,7 +12,7 @@ <h1>{{ model.verbose_name_plural|capfirst }}</h1>
 
 <ul class="objectlist">
 {% for object in model.objects %}
-    <li class="{% cycle odd,even %}"><a href="{{ object.url }}">{{ object }}</a></li>
+    <li class="{% cycle odd,even %}"><a href="{{ object.url }}">{{ object|escape }}</a></li>
 {% endfor %}
 </ul>
 
diff --git a/django/contrib/databrowse/templates/databrowse/object_detail.html b/django/contrib/databrowse/templates/databrowse/object_detail.html
@@ -4,18 +4,18 @@
 
 {% block content %}
 
-<div id="breadcrumbs"><a href="{{ root_url }}">Home</a> / <a href="{{ object.model.url }}">{{ object.model.verbose_name_plural|capfirst }}</a> / {{ object }}</div>
+<div id="breadcrumbs"><a href="{{ root_url }}">Home</a> / <a href="{{ object.model.url }}">{{ object.model.verbose_name_plural|capfirst }}</a> / {{ object|escape }}</div>
 
-<h1>{{ object.model.verbose_name|capfirst }}: {{ object }}</h1>
+<h1>{{ object.model.verbose_name|capfirst }}: {{ object|escape }}</h1>
 
 <table class="objectinfo">
 {% for field in object.fields %}
 <tr class="{% cycle odd,even %}">
 <th>{{ field.field.verbose_name|capfirst }}</th>
 <td>
 {% if field.urls %}
-{% for urlvalue in field.urls %}
-{% if urlvalue.1 %}<a href="{{ urlvalue.1 }}">{% endif %}{{ urlvalue.0 }}{% if urlvalue.1 %}</a>{% endif %}{% if not forloop.last %}, {% endif %}
+{% for value, url in field.urls %}
+{% if url %}<a href="{{ url }}">{% endif %}{{ value|escape }}{% if url %}</a>{% endif %}{% if not forloop.last %}, {% endif %}
 {% endfor %}
 {% else %}None{% endif %}
 </td>
@@ -29,7 +29,7 @@ <h2>Appears in "{{ related_object.related_field }}" in the following {{ related_
   {% if related_object.object_list %}
   <ul class="objectlist">
     {% for object in related_object.object_list %}
-    <li class="{% cycle odd,even %}"><a href="{{ object.url }}">{{ object }}</a></li>
+    <li class="{% cycle odd,even %}"><a href="{{ object.url }}">{{ object|escape }}</a></li>
     {% endfor %}
   </ul>
   {% else %}
