[1.7.x] Fixed #22266 - quote PK before redirecting away from add_view (django.contrib.admin)

Backport of ebd70d4d00 from master.
Stas Rudakou 2014-05-16 18:56:25 +03:00 committed by Russell Keith-Magee
parent bd45139d4e
commit 75d2da797e
2 changed files with 26 additions and 2 deletions


@ -11,7 +11,7 @@ from django.contrib.admin import widgets, helpers
from django.contrib.admin import validation from django.contrib.admin import validation
from django.contrib.admin.checks import (BaseModelAdminChecks, ModelAdminChecks, from django.contrib.admin.checks import (BaseModelAdminChecks, ModelAdminChecks,
InlineModelAdminChecks) InlineModelAdminChecks)
from django.contrib.admin.utils import (unquote, flatten_fieldsets, from django.contrib.admin.utils import (quote, unquote, flatten_fieldsets,
get_deleted_objects, model_format_dict, NestedObjects, get_deleted_objects, model_format_dict, NestedObjects,
lookup_needs_distinct) lookup_needs_distinct)
from django.contrib.admin.templatetags.admin_static import static from django.contrib.admin.templatetags.admin_static import static
@ -1100,7 +1100,7 @@ class ModelAdmin(BaseModelAdmin):
if post_url_continue is None: if post_url_continue is None:
post_url_continue = reverse('admin:%s_%s_change' % post_url_continue = reverse('admin:%s_%s_change' %
(opts.app_label, opts.model_name), (opts.app_label, opts.model_name),
args=(pk_value,), args=(quote(pk_value),),
current_app=self.admin_site.name) current_app=self.admin_site.name)
post_url_continue = add_preserved_filters({'preserved_filters': preserved_filters, 'opts': opts}, post_url_continue) post_url_continue = add_preserved_filters({'preserved_filters': preserved_filters, 'opts': opts}, post_url_continue)
return HttpResponseRedirect(post_url_continue) return HttpResponseRedirect(post_url_continue)
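Review bot: The `quote(pk_value)` call in the `post_url_continue = reverse(...)` branch has no comment saying why the key is escaped, and the reason is easy to lose in a later refactor. Judging by the test added in this commit, a string PK such as `123/history` would otherwise build a redirect path that reads as a different admin URL rather than this object's change view. I would add above the `reverse()` call: `# quote() the PK: characters such as '/' or '_' would otherwise change which admin URL the redirect resolves to (#22266)`. The escaping applies only when `post_url_continue is None`; a caller-supplied URL is redirected to unchanged, which is worth stating in the method docstring. The method starts and ends outside this hunk, so other `reverse()` calls in it that take a raw PK are not visible here and should be checked the same way.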


@ -1779,6 +1779,30 @@ class AdminViewStringPrimaryKeyTest(TestCase):
args=(quote(self.pk),)) args=(quote(self.pk),))
self.assertContains(response, '<a href="%s" class="historylink"' % expected_link) self.assertContains(response, '<a href="%s" class="historylink"' % expected_link)
def test_redirect_on_add_view_continue_button(self):
"""As soon as an object is added using "Save and continue editing"
button, the user should be redirected to the object's change_view.
In case primary key is a string containing some special characters
like slash or underscore, these characters must be escaped (see #22266)
"""
response = self.client.post(
'/test_admin/admin/admin_views/modelwithstringprimarykey/add/',
{
'string_pk': '123/history',
"_continue": "1", # Save and continue editing
}
)
self.assertEqual(response.status_code, 302) # temporary redirect
self.assertEqual(
response['location'],
(
'http://testserver/test_admin/admin/admin_views/'
'modelwithstringprimarykey/123_2Fhistory/' # PK is quoted
)
)
@override_settings(PASSWORD_HASHERS=('django.contrib.auth.hashers.SHA1PasswordHasher',)) @override_settings(PASSWORD_HASHERS=('django.contrib.auth.hashers.SHA1PasswordHasher',))
class SecureViewTests(TestCase): class SecureViewTests(TestCase):
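Review bot: `test_redirect_on_add_view_continue_button` only compares the `Location` header with a hard-coded string, so it does not show that the quoted URL resolves back to the object that was just created. Requesting the redirect target and checking the result would close that gap, for example `self.assertEqual(self.client.get(response['location']).status_code, 200)` after the existing assertions (this assumes the test client is already logged in by a `setUp` outside this hunk). The docstring also names the underscore, but the posted value `'123/history'` contains none, so that half of the claim is untested; a second value containing `_` would pin it. The enclosing class `AdminViewStringPrimaryKeyTest` begins outside the hunk.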