Gary Wilson Jr
38d972b9ec
Fixed #5880 -- Fixed an XSS hole in the admin interface.
...
* Escaped text that gets sent after saving the admin foreignkey popup form.
* Added quotes around the second argument passed to `opener.dismissAddAnotherPopup` to make the function also work when a text field is used as the primary key.
* Added a `html_unescape` javascript function to unescape the strings passed in to the `dismissAddAnotherPopup` function so that the added choice displays correctly in the dropdown box.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6691 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-11-18 06:51:20 +00:00
Malcolm Tredinnick
b58c55fc80
Fixed #5944 -- Added safe string markings to admin error messages in one place
...
that was missed.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6675 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-11-14 22:58:24 +00:00
Malcolm Tredinnick
356662cf74
Implemented auto-escaping of variable output in templates. Fully controllable by template authors and it's possible to write filters and templates that simulataneously work in both auto-escaped and non-auto-escaped environments if you need to. Fixed #2359
...
See documentation in templates.txt and templates_python.txt for how everything
works.
Backwards incompatible if you're inserting raw HTML output via template variables.
Based on an original design from Simon Willison and with debugging help from Michael Radziej.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6671 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-11-14 12:58:53 +00:00
Malcolm Tredinnick
e9656180ea
Fixed #1394 -- Fixed an admin crash when saving models with pk db column != pk attname.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6360 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-09-16 12:14:48 +00:00
Gary Wilson Jr
919205ef85
Refs #3397 -- Corrected the Exception that is caught when ordering by non-fields (added in [4596]), thanks glin@seznam.cz.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@5799 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-08-04 14:41:49 +00:00
Malcolm Tredinnick
0145e71ceb
Fixed #4846 -- Fixed some Python 2.3 encoding problems in the admin interface.
...
Based on a patch from daybreaker12@gmail.com .
git-svn-id: http://code.djangoproject.com/svn/django/trunk@5683 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-07-13 11:05:01 +00:00
Malcolm Tredinnick
953badbea5
Merged Unicode branch into trunk (r4952:5608). This should be fully
...
backwards compatible for all practical purposes.
Fixed #2391 , #2489 , #2996 , #3322 , #3344 , #3370 , #3406 , #3432 , #3454 , #3492 , #3582 , #3690 , #3878 , #3891 , #3937 , #4039 , #4141 , #4227 , #4286 , #4291 , #4300 , #4452 , #4702
git-svn-id: http://code.djangoproject.com/svn/django/trunk@5609 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-07-04 12:11:04 +00:00
Malcolm Tredinnick
08aa5c585b
Fixed #4607 -- Tweaked checks for features missing in Python 2.3 to not assume
...
things Python does not guarantee. Patch from SmileyChris.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@5514 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-06-23 03:18:22 +00:00
Malcolm Tredinnick
4bce3c17ec
Revert [5092], since this should only have been applied to newforms-admin.
...
Refs #1576 .
git-svn-id: http://code.djangoproject.com/svn/django/trunk@5097 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-04-26 14:58:38 +00:00
Malcolm Tredinnick
6c18ba8c91
Fixed #1576 -- Fixed incorrect SQL generated when using descending ordering
...
from related models. Patch from SmileyChris.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@5092 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-04-26 13:48:31 +00:00
Malcolm Tredinnick
439cb4047f
Fixed #4040 -- Changed uses of has_key() to "in". Slight performance
...
improvement and forward-compatible with future Python releases. Patch from Gary
Wilson.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@5091 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-04-26 13:30:48 +00:00
Jacob Kaplan-Moss
f3cc581f3a
Fixed #2828 , a TypeError when deleting objects with m2m relations to self. Thanks, Brian Beck.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@4616 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-02-26 19:12:31 +00:00
Jacob Kaplan-Moss
abf79841fe
Fixed #3397 : You can now order by non-DB fields in the admin by telling Django which field to actually order by. Thanks, marcink@elksoft.pl
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@4596 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-02-26 05:37:24 +00:00
Malcolm Tredinnick
6c4757729b
Revert [4485] in order to fix accidental mod_python breakage. Refs #2920 .
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@4486 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-02-11 23:50:35 +00:00
Russell Keith-Magee
0e924c70b1
Refs #2920 -- Replaced implicit uses of _() with explicit imports or calls to gettext(). At some point post 0.96, we need to remove the calls that put _ into the builtins.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@4485 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-02-11 06:20:52 +00:00
Adrian Holovaty
d04a2e792c
Fixed typo in a docstring in django/contrib/admin/views/main.py
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@4269 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-12-30 07:48:11 +00:00
Adrian Holovaty
706fcec164
Copied django.forms to django.oldforms and changed all code to reference django.oldforms instead of django.forms. Updated docs/forms.txt to add 'Forwards-compatibility' section that says you should not be using django.oldforms for any new projects.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@4208 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-12-15 18:00:50 +00:00
Adrian Holovaty
545ebf4395
Improved [4180] to add HTML escaping on the primary-key value in the error message
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@4181 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-12-07 15:14:35 +00:00
Adrian Holovaty
201704be3d
Added improved error message in admin views/main.py when loading ChangeManipulator. Also took the opportunity to convert all Http404 exceptions to use proper exception raising syntax
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@4180 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-12-07 15:09:24 +00:00
Adrian Holovaty
b0a8a75fc3
Fixed #2955 -- Fixed incorrect verbose-name display in admin delete_stage message. Thanks for the patch, mattimustang@gmail.com
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@3921 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-10-24 16:35:04 +00:00
Malcolm Tredinnick
96bc9ec79d
Fixed #2520 -- Fixed a problem with invalid SQL being generated by admin
...
interface in certain circumstances. Patch from favo@exoweb.net .
git-svn-id: http://code.djangoproject.com/svn/django/trunk@3794 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-09-22 13:10:46 +00:00
Adrian Holovaty
64cf4b95a6
Fixed bug in [3553] -- Changed admin JavaScript quoting for related-object popup window not to use repr(), because that produces values such as 123L for longints. Refs #2500
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@3613 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-08-18 21:39:29 +00:00
Adrian Holovaty
efa19ae8a7
Fixed #2559 -- Added cool new operators for Admin.search_fields, plus documentation. Thanks, Andy Dustman.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@3601 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-08-18 02:48:34 +00:00
Adrian Holovaty
4805675f9d
Fixed #2500 -- Fixed bug in admin related-object pop-up window when using a primary key value that isn't an integer. Thanks, Gary Wilson and deryck@samba.org
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@3553 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-08-11 05:31:08 +00:00
Jacob Kaplan-Moss
17d0bd1512
Fixed a bunch of spurious imports, typos, and other small errors turned up by a pass through PyFlakes. This covers about the first third of the errors.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@3411 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-07-21 17:11:13 +00:00
Jacob Kaplan-Moss
bc2d8cdbc6
Fixed #2199 : deleting objects with generic foreign keys in the admin now works. Thanks, Jay Parlar
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@3194 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-06-22 18:44:06 +00:00
Adrian Holovaty
d599052a15
Added AllValuesFilterSpec to admin changelist filters, which lets you put any arbitrary field in Admin.list_filter. To determine the list of all available choices, Django does a SELECT DISTINCT. Note this is backwards-incompatible for people who have defined and registered their own FilterSpecs, because each FilterSpec now takes a 'model' parameter.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@3136 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-06-16 19:42:06 +00:00
Luke Plant
9b86db9bf2
Eliminated lots of mutable default arguments (since they are bugs
...
waiting to happen and are memory leaks too).
git-svn-id: http://code.djangoproject.com/svn/django/trunk@3070 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-06-03 13:37:34 +00:00
Adrian Holovaty
5099424975
Negligible spacing change to admin/views/main.py
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@3036 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-06-01 03:35:23 +00:00
Adrian Holovaty
2543d0ae93
Fixed bug in admin where it would redirect infinitely if invalid lookup parameters were given in the URL. Refs #2024
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@3024 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-05-31 15:25:23 +00:00
Adrian Holovaty
192c726ee6
Fixed #2050 -- Fixed raw_id_admin display in admin. Thanks, Christopher Lenz
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@3018 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-05-31 14:37:57 +00:00
Adrian Holovaty
b63157c616
Fixed #1403 -- 'Add' green plus sign no longer appears in admin change forms for fields whose related models don't have an admin
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@2991 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-05-26 17:54:19 +00:00
Luke Plant
f57e34e990
Fixed #1579 - added support for 'Q' objects in limit_choices_to.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@2850 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-05-06 00:26:24 +00:00
Adrian Holovaty
2b551dec40
Fixed bug in admin: raw_id_admin fields weren't displaying their old values next to the form field, due to descriptor-fields change
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@2827 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-05-04 04:09:23 +00:00
Adrian Holovaty
f69cf70ed8
MERGED MAGIC-REMOVAL BRANCH TO TRUNK. This change is highly backwards-incompatible. Please read http://code.djangoproject.com/wiki/RemovingTheMagic for upgrade instructions.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@2809 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-05-02 01:31:56 +00:00
Adrian Holovaty
b9e40b14bc
Renamed OneToOne to OneToOneRel to be consistent with ManyToManyRel
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@2650 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-04-10 03:35:56 +00:00
Adrian Holovaty
b8d8aca5fd
Renamed ManyToOne to ManyToOneRel to be consistent with ManyToManyRel
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@2649 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-04-10 03:34:47 +00:00
Adrian Holovaty
e3e271ff92
Fixed #1600 -- Renamed ManyToMany to ManyToManyRel so people get a clearer error if they use ManyToMany instead of ManyToManyField
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@2648 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-04-10 03:32:38 +00:00
Jacob Kaplan-Moss
eeb848bdbd
Fixed #889 (Thanks, Tom Tobin)
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@2415 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-02-27 19:13:41 +00:00
Adrian Holovaty
c14e692952
Fixed #1250 -- Fixed NameError when trying to delete without related object permissions in admin interface. Thanks, oggie rob
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@2327 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-02-17 18:20:15 +00:00
Adrian Holovaty
c4ab08a7a5
Added missing 'staff_member_required' decorator to change_stage() admin view
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@2009 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-01-16 18:49:24 +00:00
Adrian Holovaty
09da166609
Fixed #615 -- Admin views now use escape() instead of strip_tags(). Thanks, Sune Kirkeby
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@1982 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-01-15 06:28:41 +00:00
Adrian Holovaty
ceb558c277
Fixed #1196 -- Admin deletion step no longer assumes related objects have primary key named 'id'. Thanks, oggie rob
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@1973 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-01-15 06:01:35 +00:00
Adrian Holovaty
d971b31695
Fixed #1092 -- Fixed behavior for query-string overrides in admin forms
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@1758 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2005-12-21 03:37:31 +00:00
Adrian Holovaty
800cac7e31
Negligible refactoring in django.core.meta.fields and django.contrib.admin.views.main. Taken from #1020 . Refs #1020
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@1591 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2005-12-10 05:32:05 +00:00
Adrian Holovaty
dc2daff31f
Fixed inconsistent spacing in contrib.admin.views.main
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@1574 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2005-12-09 02:16:17 +00:00
Adrian Holovaty
9832abf6b4
Fixed #1022 -- Fixed bug in admin when deleting models with OneToOne. Thanks, Eric Moritz.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@1566 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2005-12-07 23:36:31 +00:00
Adrian Holovaty
54618dc0fe
Improved django.contrib.admin.views.main to raise ImproperlyConfigured if admin app isn't in INSTALLED_APPS. This avoids one possibility of an obscure error.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@1551 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2005-12-06 04:55:33 +00:00
Adrian Holovaty
9541d7a7c7
Fixed #251 -- Added OR support to queries, via the new 'complex' DB API keyword argument. Updated docs and added unit tests. Also removed old, undocumented '_or' parameter. Thanks, Hugo.
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@1508 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2005-11-30 06:14:05 +00:00
Adrian Holovaty
837435a08a
Small simplification to request.GET.items() call in contrib.admin.views.main. Thanks, Kieran
...
git-svn-id: http://code.djangoproject.com/svn/django/trunk@1507 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2005-11-30 05:34:51 +00:00