Fixed #31361 -- Fixed invalid action="" in admin forms.
The attribute action="" (empty string) on the <form> element is invalid HTML5. The spec (https://html.spec.whatwg.org/#attr-fs-action) says: > The action and formaction content attributes, if specified, must have > a value that is a valid non-empty URL potentially surrounded by > spaces. Emphasis on non-empty. The action attribute is allowed to be omitted, in which case the current URL is used which is the same behavior as now.
This commit is contained in:
parent
b7093860df
commit
3857a08bdb
|
@ -19,7 +19,7 @@
|
||||||
{% endblock %}
|
{% endblock %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% block content %}<div id="content-main">
|
{% block content %}<div id="content-main">
|
||||||
<form action="{{ form_url }}" method="post" id="{{ opts.model_name }}_form">{% csrf_token %}{% block form_top %}{% endblock %}
|
<form{% if form_url %} action="{{ form_url }}"{% endif %} method="post" id="{{ opts.model_name }}_form">{% csrf_token %}{% block form_top %}{% endblock %}
|
||||||
<input type="text" name="username" value="{{ original.get_username }}" style="display: none">
|
<input type="text" name="username" value="{{ original.get_username }}" style="display: none">
|
||||||
<div>
|
<div>
|
||||||
{% if is_popup %}<input type="hidden" name="_popup" value="1">{% endif %}
|
{% if is_popup %}<input type="hidden" name="_popup" value="1">{% endif %}
|
||||||
|
|
|
@ -33,7 +33,7 @@
|
||||||
</ul>
|
</ul>
|
||||||
{% endif %}{% endif %}
|
{% endif %}{% endif %}
|
||||||
{% endblock %}
|
{% endblock %}
|
||||||
<form {% if has_file_field %}enctype="multipart/form-data" {% endif %}action="{{ form_url }}" method="post" id="{{ opts.model_name }}_form" novalidate>{% csrf_token %}{% block form_top %}{% endblock %}
|
<form {% if has_file_field %}enctype="multipart/form-data" {% endif %}{% if form_url %}action="{{ form_url }}" {% endif %}method="post" id="{{ opts.model_name }}_form" novalidate>{% csrf_token %}{% block form_top %}{% endblock %}
|
||||||
<div>
|
<div>
|
||||||
{% if is_popup %}<input type="hidden" name="{{ is_popup_var }}" value="1">{% endif %}
|
{% if is_popup %}<input type="hidden" name="{{ is_popup_var }}" value="1">{% endif %}
|
||||||
{% if to_field %}<input type="hidden" name="{{ to_field_var }}" value="{{ to_field }}">{% endif %}
|
{% if to_field %}<input type="hidden" name="{{ to_field_var }}" value="{{ to_field }}">{% endif %}
|
||||||
|
|
|
@ -5868,21 +5868,19 @@ class AdminKeepChangeListFiltersTests(TestCase):
|
||||||
self.get_changelist_filters_querystring(),
|
self.get_changelist_filters_querystring(),
|
||||||
)
|
)
|
||||||
|
|
||||||
def get_add_url(self):
|
def get_add_url(self, add_preserved_filters=True):
|
||||||
return '%s?%s' % (
|
url = reverse('admin:auth_user_add', current_app=self.admin_site.name)
|
||||||
reverse('admin:auth_user_add',
|
if add_preserved_filters:
|
||||||
current_app=self.admin_site.name),
|
url = '%s?%s' % (url, self.get_preserved_filters_querystring())
|
||||||
self.get_preserved_filters_querystring(),
|
return url
|
||||||
)
|
|
||||||
|
|
||||||
def get_change_url(self, user_id=None):
|
def get_change_url(self, user_id=None, add_preserved_filters=True):
|
||||||
if user_id is None:
|
if user_id is None:
|
||||||
user_id = self.get_sample_user_id()
|
user_id = self.get_sample_user_id()
|
||||||
return "%s?%s" % (
|
url = reverse('admin:auth_user_change', args=(user_id,), current_app=self.admin_site.name)
|
||||||
reverse('admin:auth_user_change', args=(user_id,),
|
if add_preserved_filters:
|
||||||
current_app=self.admin_site.name),
|
url = '%s?%s' % (url, self.get_preserved_filters_querystring())
|
||||||
self.get_preserved_filters_querystring(),
|
return url
|
||||||
)
|
|
||||||
|
|
||||||
def get_history_url(self, user_id=None):
|
def get_history_url(self, user_id=None):
|
||||||
if user_id is None:
|
if user_id is None:
|
||||||
|
@ -5965,6 +5963,11 @@ class AdminKeepChangeListFiltersTests(TestCase):
|
||||||
self.assertRedirects(response, self.get_add_url())
|
self.assertRedirects(response, self.get_add_url())
|
||||||
post_data.pop('_addanother')
|
post_data.pop('_addanother')
|
||||||
|
|
||||||
|
def test_change_view_without_preserved_filters(self):
|
||||||
|
response = self.client.get(self.get_change_url(add_preserved_filters=False))
|
||||||
|
# The action attribute is omitted.
|
||||||
|
self.assertContains(response, '<form method="post" id="user_form" novalidate>')
|
||||||
|
|
||||||
def test_add_view(self):
|
def test_add_view(self):
|
||||||
# Get the `add_view`.
|
# Get the `add_view`.
|
||||||
response = self.client.get(self.get_add_url())
|
response = self.client.get(self.get_add_url())
|
||||||
|
@ -6003,6 +6006,11 @@ class AdminKeepChangeListFiltersTests(TestCase):
|
||||||
self.assertRedirects(response, self.get_add_url())
|
self.assertRedirects(response, self.get_add_url())
|
||||||
post_data.pop('_addanother')
|
post_data.pop('_addanother')
|
||||||
|
|
||||||
|
def test_add_view_without_preserved_filters(self):
|
||||||
|
response = self.client.get(self.get_add_url(add_preserved_filters=False))
|
||||||
|
# The action attribute is omitted.
|
||||||
|
self.assertContains(response, '<form method="post" id="user_form" novalidate>')
|
||||||
|
|
||||||
def test_delete_view(self):
|
def test_delete_view(self):
|
||||||
# Test redirect on "Delete".
|
# Test redirect on "Delete".
|
||||||
response = self.client.post(self.get_delete_url(), {'post': 'yes'})
|
response = self.client.post(self.get_delete_url(), {'post': 'yes'})
|
||||||
|
|
|
@ -1284,7 +1284,8 @@ class UUIDUserTests(TestCase):
|
||||||
|
|
||||||
password_change_url = reverse('custom_user_admin:auth_user_password_change', args=(u.pk,))
|
password_change_url = reverse('custom_user_admin:auth_user_password_change', args=(u.pk,))
|
||||||
response = self.client.get(password_change_url)
|
response = self.client.get(password_change_url)
|
||||||
self.assertEqual(response.status_code, 200)
|
# The action attribute is omitted.
|
||||||
|
self.assertContains(response, '<form method="post" id="uuiduser_form">')
|
||||||
|
|
||||||
# A LogEntry is created with pk=1 which breaks a FK constraint on MySQL
|
# A LogEntry is created with pk=1 which breaks a FK constraint on MySQL
|
||||||
with connection.constraint_checks_disabled():
|
with connection.constraint_checks_disabled():
|
||||||
|
|
Loading…
Reference in New Issue