
Fixed #11502 - wrong escaping in admin.

 
Thanks Tomasz Elendt.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@11497 bcc190cf-cafb-0310-a4f2-bffc1f526a37
commit 4decf03f9ceb0162a7de757cdb3985100faf028b 1 parent 49cf7f4
Luke Plant authored September 11, 2009
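--- a/django/contrib/admin/templatetags/admin_list.py
+++ b/django/contrib/admin/templatetags/admin_list.py
@@ -265,7 +265,7 @@ def date_hierarchy(cl):
         day_lookup = cl.params.get(day_field)
         year_month_format, month_day_format = get_partial_date_formats()
 
-        link = lambda d: mark_safe(cl.get_query_string(d, [field_generic]))
+        link = lambda d: cl.get_query_string(d, [field_generic])
 
         if year_lookup and month_lookup and day_lookup:
             day = datetime.date(int(year_lookup), int(month_lookup), int(day_lookup))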
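Review bot: The `link` lambda at new line 268 now relies on the template's auto-escaping to encode the query string, but nothing at the call site says so, and a later edit could wrap it in `mark_safe` again. A one-line comment above it would pin the intent, for example `# Deliberately not mark_safe(): the query string appears to carry request parameters and must be escaped at render time.` Whether `cl.get_query_string` returns plain or already-escaped text is not visible in this hunk, so it is worth confirming that the generated links end up escaped exactly once. `date_hierarchy` starts and ends outside the hunk.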
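--- a/django/contrib/admin/widgets.py
+++ b/django/contrib/admin/widgets.py
@@ -7,6 +7,7 @@
 from django import forms
 from django.forms.widgets import RadioFieldRenderer
 from django.forms.util import flatatt
+from django.utils.html import escape
 from django.utils.text import truncate_words
 from django.utils.translation import ugettext as _
 from django.utils.safestring import mark_safe
@@ -148,7 +149,7 @@ def url_parameters(self):
     def label_for_value(self, value):
         key = self.rel.get_related_field().name
         obj = self.rel.to._default_manager.get(**{key: value})
-        return '&nbsp;<strong>%s</strong>' % truncate_words(obj, 14)
+        return '&nbsp;<strong>%s</strong>' % escape(truncate_words(obj, 14))
 
 class ManyToManyRawIdWidget(ForeignKeyRawIdWidget):
     """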
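Review bot: `label_for_value` (new lines 150-152) still lets the `.get(**{key: value})` lookup raise when no related object matches `value`, so a stale or mistyped raw id would surface as an error instead of an empty label. If `value` can come from submitted form data, which the hunk does not show, wrapping the lookup in `try:` with `except self.rel.to.DoesNotExist: return ''` keeps the widget rendering. Applying `escape` after `truncate_words` is the right order, since truncating already-escaped text could cut an entity in half. A short comment noting that the label is presumably inserted into the page as HTML would record why the escape must stay.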
