Opened 18 years ago
Closed 16 years ago
#4074 closed (fixed)
admin interface filter.html does not encode url attributes properly
Reported by: | Owned by: | nobody | |
---|---|---|---|
Component: | contrib.admin | Version: | newforms-admin |
Severity: | Keywords: | ampersand filter | |
Cc: | robert@… | Triage Stage: | Ready for checkin |
Has patch: | yes | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | no | UI/UX: | no |
Description
If you filter on a field that has a value that includes an ampersand when selecting that value to filter on it does not work.
The output of filter.html for an example
<li> <a href="?title=Escapade%20-%20Adult%20Kayak%20&%20Snorkel,%20Northwest%20Maui">Escapade - Adult Kayak & Snorkel, Northwest Maui</a></li>
I tried using the urlencode filter, but it encodes the ? as well which causes it to fail also.
<a href="{{ choice.query_string|urlencode }}">{{ choice.display|escape }}</a></li>
If I change the following it works. I know this is not the right place.
In filter.html
change
<a href="{{ choice.query_string }}">{{ choice.display|escape }}</a></li>
to
<a href="{{ choice.query_string|fix_ampersands }}">{{ choice.display|escape }}</a></li>
in html.py
change
def fix_ampersands(value): "Returns the given HTML with all unencoded ampersands encoded correctly" return unencoded_ampersands_re.sub('&', value)
to
def fix_ampersands(value): "Returns the given HTML with all unencoded ampersands encoded correctly" return unencoded_ampersands_re.sub('%26', value)
Attachments (4)
Change History (12)
comment:1 by , 18 years ago
Version: | new-admin → SVN |
---|
by , 17 years ago
Attachment: | django-4074-admin-querystring-quote.patch added |
---|
by , 17 years ago
Attachment: | django-4074-admin-querystring-quote2.patch added |
---|
better unicode version
comment:2 by , 17 years ago
Has patch: | set |
---|
Not sure if this would be acceptable, but it's a patch which will make sure the querystring is more useable everywhere. It solves '&', and also a problem I have been having with '>' (which when used in another form confuses the CSRF substitution regexp!)
comment:3 by , 17 years ago
Cc: | added |
---|
comment:4 by , 17 years ago
Patch needs improvement: | set |
---|---|
Summary: | admin interface filter.html does not encode & properly → admin interface filter.html does not encode url attributes properly |
Triage Stage: | Unreviewed → Accepted |
by , 17 years ago
comment:5 by , 17 years ago
Patch needs improvement: | unset |
---|---|
Triage Stage: | Accepted → Ready for checkin |
New patch (against SVN trunk, not newforms-admin branch) which fixes the issue at the core. I also added a small optimization.
The code in question hasn't changed in newforms, it may as well be fixed on trunk, yes?
comment:6 by , 16 years ago
Triage Stage: | Ready for checkin → Accepted |
---|---|
Version: | SVN → newforms-admin |
Not worth fixing on trunk, since newforms-admin is so close. Pushing to the newforms-admin branch, though, so they can check it's been fixed over there.
comment:7 by , 16 years ago
Triage Stage: | Accepted → Ready for checkin |
---|
No, it hasn't been fixed in newforms-admin. Verified the problem and that the patch (rebased since the trunk version would not apply) fixes it.
comment:8 by , 16 years ago
Resolution: | → fixed |
---|---|
Status: | new → closed |
One way to patch it - saves lots of potential problems with the query string