innov
/
django1
1
0
Fork 0
Code Issues Pull Requests 1 Projects Releases Wiki Activity

Fixed #13177 -- Corrected usage of firstof in admin templates. Thanks to nomulous for the report and patch. 

git-svn-id: http://code.djangoproject.com/svn/django/trunk@12840 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
Russell Keith-Magee 2010-03-23 14:52:51 +00:00
parent 985e4c8dfe
commit 8dbd8b1c29
2 changed files with 15 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
django/contrib/admin/templates/admin/base.html
View File

@ -25,7 +25,7 @@
{% if user.is_active and user.is_staff %} {% if user.is_active and user.is_staff %}
<div id="user-tools"> <div id="user-tools">
{% trans 'Welcome,' %} {% trans 'Welcome,' %}
<strong>{% firstof user.first_name user.username %}</strong>. <strong>{% filter force_escape %}{% firstof user.first_name user.username %}{% endfilter %}</strong>.
{% block userlinks %} {% block userlinks %}
{% url django-admindocs-docroot as docsroot %} {% url django-admindocs-docroot as docsroot %}
{% if docsroot %} {% if docsroot %}

20
docs/ref/templates/builtins.txt
View File

@ -113,9 +113,13 @@ You can use any number of values in a ``{% cycle %}`` tag, separated by spaces.
Values enclosed in single (``'``) or double quotes (``"``) are treated as Values enclosed in single (``'``) or double quotes (``"``) are treated as
string literals, while values without quotes are treated as template variables. string literals, while values without quotes are treated as template variables.
Note that the variables included in the cycle will not be escaped. This is Note that the variables included in the cycle will not be escaped.
because template tags do not escape their content. If you want to escape the This is because template tags do not escape their content. Any HTML or
variables in the cycle, you must do so explicitly:: Javascript code contained in the printed variable will be rendered
as-is, which could potentially lead to security issues.
If you need to escape the variables in the cycle, you must do so
explicitly::
{% filter force_escape %} {% filter force_escape %}
{% cycle var1 var2 var3 %} {% cycle var1 var2 var3 %}
@ -203,9 +207,13 @@ passed variables are False::
{% firstof var1 var2 var3 "fallback value" %} {% firstof var1 var2 var3 "fallback value" %}
Note that the variables included in the firstof tag will not be escaped. This Note that the variables included in the firstof tag will not be
is because template tags do not escape their content. If you want to escape escaped. This is because template tags do not escape their content.
the variables in the firstof tag, you must do so explicitly:: Any HTML or Javascript code contained in the printed variable will be
rendered as-is, which could potentially lead to security issues.
If you need to escape the variables in the firstof tag, you must do so
explicitly::
{% filter force_escape %} {% filter force_escape %}
{% firstof var1 var2 var3 "fallback value" %} {% firstof var1 var2 var3 "fallback value" %}