LUMC · zuotian · Jun 10, 2013 · Jun 10, 2013
diff --git a/django/contrib/admin/options.py b/django/contrib/admin/options.py
@@ -9,6 +9,7 @@
 from django.contrib.admin.util import unquote, flatten_fieldsets, get_deleted_objects, model_format_dict
 from django.contrib.admin.templatetags.admin_static import static
 from django.contrib import messages
+from django.utils.http import is_safe_url
 from django.views.decorators.csrf import csrf_protect
 from django.core.exceptions import PermissionDenied, ValidationError
 from django.core.paginator import Paginator
@@ -28,6 +29,7 @@
 from django.utils.translation import ugettext as _
 from django.utils.translation import ungettext
 from django.utils.encoding import force_unicode
+import urlparse
 
 HORIZONTAL, VERTICAL = 1, 2
 # returns the <ul> class for a given radio_admin field
@@ -872,6 +874,10 @@ def response_change(self, request, obj):
                 post_url = reverse('%s:%s_%s_changelist' %
                                    (self.admin_site.name, opts.app_label, module_name),
                                    current_app=self.admin_site.name)
+                changelist_filters = request.POST.get('_changelist_filters')
+                if changelist_filters:
+                    post_url = '%s?%s' % (post_url, changelist_filters)
+
             else:
                 post_url = reverse('%s:index' % self.admin_site.name,
                                    current_app=self.admin_site.name)
@@ -1048,6 +1054,7 @@ def change_view(self, request, object_id, form_url='', extra_context=None):
 
         ModelForm = self.get_form(request, obj)
         inline_instances = self.get_inline_instances(request)
+        changelist_filters = None
 
         if request.method == 'POST':
             form = ModelForm(request.POST, request.FILES, instance=obj)
@@ -1060,6 +1067,9 @@ def change_view(self, request, object_id, form_url='', extra_context=None):
 
             formsets = self.get_formset_instances(request, new_object, inline_instances)
 
+            # use the filter from previous view.
+            changelist_filters = request.POST.get('_changelist_filters')
+
             if all_valid(formsets) and form_validated:
                 self.save_model(request, new_object, form, True)
                 self.save_related(request, form, formsets, True)
@@ -1071,6 +1081,15 @@ def change_view(self, request, object_id, form_url='', extra_context=None):
             form = ModelForm(instance=obj)
             formsets = self.get_formset_instances(request, obj, inline_instances)
 
+            referer = request.META.get('HTTP_REFERER')
+            if referer:
+                referer = urlparse.urlparse(referer)
+                changelist_url = reverse('%s:%s_%s_changelist' %
+                                         (self.admin_site.name, opts.app_label, opts.module_name),
+                                         current_app=self.admin_site.name)
+                if is_safe_url(url=referer.geturl(), host=request.get_host()) and referer.path.startswith(changelist_url):
+                    changelist_filters = referer.query
+
         adminForm = helpers.AdminForm(form, self.get_fieldsets(request, obj),
             self.get_prepopulated_fields(request, obj),
             self.get_readonly_fields(request, obj),
@@ -1097,6 +1116,7 @@ def change_view(self, request, object_id, form_url='', extra_context=None):
             'inline_admin_formsets': inline_admin_formsets,
             'errors': helpers.AdminErrorList(form, formsets),
             'app_label': opts.app_label,
+            'changelist_filters': changelist_filters
         }
         context.update(extra_context or {})
         return self.render_change_form(request, context, change=True, obj=obj, form_url=form_url)
@@ -1278,12 +1298,20 @@ def delete_view(self, request, object_id, extra_context=None):
 
             self.message_user(request, _('The %(name)s "%(obj)s" was deleted successfully.') % {'name': force_unicode(opts.verbose_name), 'obj': force_unicode(obj_display)})
 
+            changelist_url = reverse('%s:%s_%s_changelist' %
+                                     (self.admin_site.name, opts.app_label, opts.module_name),
+                                     current_app=self.admin_site.name)
+
+            changelist_filters = request.POST.get('_changelist_filters')
+            if changelist_filters:
+                changelist_url = '%s?%s' % (changelist_url, changelist_filters)
+
             if not self.has_change_permission(request, None):
                 return HttpResponseRedirect(reverse('%s:index' % self.admin_site.name,
                                                     current_app=self.admin_site.name))
-            return HttpResponseRedirect(reverse('%s:%s_%s_changelist' %
-                                        (self.admin_site.name, opts.app_label, opts.module_name),
-                                        current_app=self.admin_site.name))
+            return HttpResponseRedirect(changelist_url)
+        else:
+            changelist_filters = request.GET.get('_changelist_filters')
 
         object_name = force_unicode(opts.verbose_name)
 
@@ -1301,6 +1329,7 @@ def delete_view(self, request, object_id, extra_context=None):
             "protected": protected,
             "opts": opts,
             "app_label": app_label,
+            "changelist_filters": changelist_filters,
         }
         context.update(extra_context or {})
 

diff --git a/django/contrib/admin/templates/admin/change_form.html b/django/contrib/admin/templates/admin/change_form.html
@@ -40,6 +40,7 @@
 <form {% if has_file_field %}enctype="multipart/form-data" {% endif %}action="{{ form_url }}" method="post" id="{{ opts.module_name }}_form">{% csrf_token %}{% block form_top %}{% endblock %}
 <div>
 {% if is_popup %}<input type="hidden" name="_popup" value="1" />{% endif %}
+{% if changelist_filters %}<input type="hidden" name="_changelist_filters" value="{{ changelist_filters }}" />{% endif %}
 {% if save_on_top %}{% block submit_buttons_top %}{% submit_row %}{% endblock %}{% endif %}
 {% if errors %}
     <p class="errornote">

diff --git a/django/contrib/admin/templates/admin/delete_confirmation.html b/django/contrib/admin/templates/admin/delete_confirmation.html
@@ -14,6 +14,7 @@
 {% endblock %}
 
 {% block content %}
+<div id="content-main">
 {% if perms_lacking or protected %}
     {% if perms_lacking %}
         <p>{% blocktrans with escaped_object=object %}Deleting the {{ object_name }} '{{ escaped_object }}' would result in deleting related objects, but your account doesn't have permission to delete the following types of objects:{% endblocktrans %}</p>
@@ -37,8 +38,10 @@
     <form action="" method="post">{% csrf_token %}
     <div>
     <input type="hidden" name="post" value="yes" />
+    {% if changelist_filters %}<input type="hidden" name="_changelist_filters" value="{{ changelist_filters }}" />{% endif %}
     <input type="submit" value="{% trans "Yes, I'm sure" %}" />
     </div>
     </form>
 {% endif %}
+</div>
 {% endblock %}
diff --git a/django/contrib/admin/templates/admin/submit_line.html b/django/contrib/admin/templates/admin/submit_line.html
@@ -1,7 +1,7 @@
 {% load i18n %}
 <div class="submit-row">
 {% if show_save %}<input type="submit" value="{% trans 'Save' %}" class="default" name="_save" {{ onclick_attrib }}/>{% endif %}
-{% if show_delete_link %}<p class="deletelink-box"><a href="delete/" class="deletelink">{% trans "Delete" %}</a></p>{% endif %}
+{% if show_delete_link %}<p class="deletelink-box"><a href="delete/{% if changelist_filters %}?_changelist_filters={{ changelist_filters|urlencode }}{% endif %}" class="deletelink">{% trans "Delete" %}</a></p>{% endif %}
 {% if show_save_as_new %}<input type="submit" value="{% trans 'Save as new' %}" name="_saveasnew" {{ onclick_attrib }}/>{%endif%}
 {% if show_save_and_add_another %}<input type="submit" value="{% trans 'Save and add another' %}" name="_addanother" {{ onclick_attrib }} />{% endif %}
 {% if show_save_and_continue %}<input type="submit" value="{% trans 'Save and continue editing' %}" name="_continue" {{ onclick_attrib }}/>{% endif %}

diff --git a/django/contrib/admin/templatetags/admin_modify.py b/django/contrib/admin/templatetags/admin_modify.py
@@ -38,7 +38,8 @@ def submit_row(context):
                             not is_popup and (not save_as or context['add']),
         'show_save_and_continue': not is_popup and context['has_change_permission'],
         'is_popup': is_popup,
-        'show_save': True
+        'show_save': True,
+        'changelist_filters': context['changelist_filters']
     }
 
 @register.filter

diff --git a/django/utils/http.py b/django/utils/http.py
@@ -224,3 +224,16 @@ def same_origin(url1, url2):
         """
         p1, p2 = urlparse.urlparse(url1), urlparse.urlparse(url2)
         return p1[0:2] == p2[0:2]
+
+
+def is_safe_url(url, host=None):
+    """
+    Return ``True`` if the url is a safe redirection (i.e. it doesn't point to
+    a different host).
+
+    Always returns ``False`` on an empty url.
+    """
+    if not url:
+        return False
+    netloc = urlparse.urlparse(url)[1]
+    return not netloc or netloc == host