68 Commits

Author SHA1 Message Date
Gary Wilson Jr 38d972b9ec Fixed #5880 -- Fixed an XSS hole in the admin interface.
 * Escaped text that gets sent after saving the admin foreignkey popup form.
 * Added quotes around the second argument passed to `opener.dismissAddAnotherPopup` to make the function also work when a text field is used as the primary key.
 * Added a `html_unescape` javascript function to unescape the strings passed in to the `dismissAddAnotherPopup` function so that the added choice displays correctly in the dropdown box.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@6691 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-11-18 06:51:20 +00:00
Malcolm Tredinnick b58c55fc80 Fixed #5944 -- Added safe string markings to admin error messages in one place
that was missed.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@6675 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-11-14 22:58:24 +00:00
Malcolm Tredinnick 356662cf74 Implemented auto-escaping of variable output in templates. Fully controllable by template authors and it's possible to write filters and templates that simultaneously work in both auto-escaped and non-auto-escaped environments if you need to. Fixed #2359
See documentation in templates.txt and templates_python.txt for how everything
works.

Backwards incompatible if you're inserting raw HTML output via template variables.

Based on an original design from Simon Willison and with debugging help from Michael Radziej.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@6671 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-11-14 12:58:53 +00:00
Malcolm Tredinnick e9656180ea Fixed #1394 -- Fixed an admin crash when saving models with pk db column != pk attname.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@6360 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-09-16 12:14:48 +00:00
Gary Wilson Jr 919205ef85 Refs #3397 -- Corrected the Exception that is caught when ordering by non-fields (added in [4596]), thanks glin@seznam.cz.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@5799 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-08-04 14:41:49 +00:00
Malcolm Tredinnick 0145e71ceb Fixed #4846 -- Fixed some Python 2.3 encoding problems in the admin interface.
Based on a patch from daybreaker12@gmail.com.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@5683 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-07-13 11:05:01 +00:00
Malcolm Tredinnick 953badbea5 Merged Unicode branch into trunk (r4952:5608). This should be fully
backwards compatible for all practical purposes.

Fixed #2391, #2489, #2996, #3322, #3344, #3370, #3406, #3432, #3454, #3492, #3582, #3690, #3878, #3891, #3937, #4039, #4141, #4227, #4286, #4291, #4300, #4452, #4702


git-svn-id: http://code.djangoproject.com/svn/django/trunk@5609 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-07-04 12:11:04 +00:00
Malcolm Tredinnick 08aa5c585b Fixed #4607 -- Tweaked checks for features missing in Python 2.3 to not assume
things Python does not guarantee. Patch from SmileyChris.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@5514 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-06-23 03:18:22 +00:00
Malcolm Tredinnick 4bce3c17ec Revert [5092], since this should only have been applied to newforms-admin.
Refs #1576.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@5097 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-04-26 14:58:38 +00:00
Malcolm Tredinnick 6c18ba8c91 Fixed #1576 -- Fixed incorrect SQL generated when using descending ordering
from related models. Patch from SmileyChris.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@5092 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-04-26 13:48:31 +00:00
Malcolm Tredinnick 439cb4047f Fixed #4040 -- Changed uses of has_key() to "in". Slight performance
improvement and forward-compatible with future Python releases. Patch from Gary
Wilson.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@5091 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-04-26 13:30:48 +00:00
Jacob Kaplan-Moss f3cc581f3a Fixed #2828, a TypeError when deleting objects with m2m relations to self. Thanks, Brian Beck.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@4616 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-02-26 19:12:31 +00:00
Jacob Kaplan-Moss abf79841fe Fixed #3397: You can now order by non-DB fields in the admin by telling Django which field to actually order by. Thanks, marcink@elksoft.pl
git-svn-id: http://code.djangoproject.com/svn/django/trunk@4596 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-02-26 05:37:24 +00:00
Malcolm Tredinnick 6c4757729b Revert [4485] in order to fix accidental mod_python breakage. Refs #2920.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@4486 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-02-11 23:50:35 +00:00
Russell Keith-Magee 0e924c70b1 Refs #2920 -- Replaced implicit uses of _() with explicit imports or calls to gettext(). At some point post 0.96, we need to remove the calls that put _ into the builtins.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@4485 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-02-11 06:20:52 +00:00
Adrian Holovaty d04a2e792c Fixed typo in a docstring in django/contrib/admin/views/main.py
git-svn-id: http://code.djangoproject.com/svn/django/trunk@4269 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-12-30 07:48:11 +00:00
Adrian Holovaty 706fcec164 Copied django.forms to django.oldforms and changed all code to reference django.oldforms instead of django.forms. Updated docs/forms.txt to add 'Forwards-compatibility' section that says you should not be using django.oldforms for any new projects.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@4208 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-12-15 18:00:50 +00:00
Adrian Holovaty 545ebf4395 Improved [4180] to add HTML escaping on the primary-key value in the error message
git-svn-id: http://code.djangoproject.com/svn/django/trunk@4181 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-12-07 15:14:35 +00:00
Adrian Holovaty 201704be3d Added improved error message in admin views/main.py when loading ChangeManipulator. Also took the opportunity to convert all Http404 exceptions to use proper exception raising syntax
git-svn-id: http://code.djangoproject.com/svn/django/trunk@4180 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-12-07 15:09:24 +00:00
Adrian Holovaty b0a8a75fc3 Fixed #2955 -- Fixed incorrect verbose-name display in admin delete_stage message. Thanks for the patch, mattimustang@gmail.com
git-svn-id: http://code.djangoproject.com/svn/django/trunk@3921 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-10-24 16:35:04 +00:00
Malcolm Tredinnick 96bc9ec79d Fixed #2520 -- Fixed a problem with invalid SQL being generated by admin
interface in certain circumstances. Patch from favo@exoweb.net.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@3794 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-09-22 13:10:46 +00:00
Adrian Holovaty 64cf4b95a6 Fixed bug in [3553] -- Changed admin JavaScript quoting for related-object popup window not to use repr(), because that produces values such as 123L for longints. Refs #2500
git-svn-id: http://code.djangoproject.com/svn/django/trunk@3613 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-08-18 21:39:29 +00:00
Adrian Holovaty efa19ae8a7 Fixed #2559 -- Added cool new operators for Admin.search_fields, plus documentation. Thanks, Andy Dustman.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@3601 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-08-18 02:48:34 +00:00
Adrian Holovaty 4805675f9d Fixed #2500 -- Fixed bug in admin related-object pop-up window when using a primary key value that isn't an integer. Thanks, Gary Wilson and deryck@samba.org
git-svn-id: http://code.djangoproject.com/svn/django/trunk@3553 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-08-11 05:31:08 +00:00
Jacob Kaplan-Moss 17d0bd1512 Fixed a bunch of spurious imports, typos, and other small errors turned up by a pass through PyFlakes. This covers about the first third of the errors.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@3411 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-07-21 17:11:13 +00:00
Jacob Kaplan-Moss bc2d8cdbc6 Fixed #2199: deleting objects with generic foreign keys in the admin now works. Thanks, Jay Parlar
git-svn-id: http://code.djangoproject.com/svn/django/trunk@3194 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-06-22 18:44:06 +00:00
Adrian Holovaty d599052a15 Added AllValuesFilterSpec to admin changelist filters, which lets you put any arbitrary field in Admin.list_filter. To determine the list of all available choices, Django does a SELECT DISTINCT. Note this is backwards-incompatible for people who have defined and registered their own FilterSpecs, because each FilterSpec now takes a 'model' parameter.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@3136 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-06-16 19:42:06 +00:00
Luke Plant 9b86db9bf2 Eliminated lots of mutable default arguments (since they are bugs
waiting to happen and are memory leaks too).


git-svn-id: http://code.djangoproject.com/svn/django/trunk@3070 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-06-03 13:37:34 +00:00
Adrian Holovaty 5099424975 Negligible spacing change to admin/views/main.py
git-svn-id: http://code.djangoproject.com/svn/django/trunk@3036 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-06-01 03:35:23 +00:00
Adrian Holovaty 2543d0ae93 Fixed bug in admin where it would redirect infinitely if invalid lookup parameters were given in the URL. Refs #2024
git-svn-id: http://code.djangoproject.com/svn/django/trunk@3024 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-05-31 15:25:23 +00:00
Adrian Holovaty 192c726ee6 Fixed #2050 -- Fixed raw_id_admin display in admin. Thanks, Christopher Lenz
git-svn-id: http://code.djangoproject.com/svn/django/trunk@3018 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-05-31 14:37:57 +00:00
Adrian Holovaty b63157c616 Fixed #1403 -- 'Add' green plus sign no longer appears in admin change forms for fields whose related models don't have an admin
git-svn-id: http://code.djangoproject.com/svn/django/trunk@2991 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-05-26 17:54:19 +00:00
Luke Plant f57e34e990 Fixed #1579 - added support for 'Q' objects in limit_choices_to.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@2850 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-05-06 00:26:24 +00:00
Adrian Holovaty 2b551dec40 Fixed bug in admin: raw_id_admin fields weren't displaying their old values next to the form field, due to descriptor-fields change
git-svn-id: http://code.djangoproject.com/svn/django/trunk@2827 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-05-04 04:09:23 +00:00
Adrian Holovaty f69cf70ed8 MERGED MAGIC-REMOVAL BRANCH TO TRUNK. This change is highly backwards-incompatible. Please read http://code.djangoproject.com/wiki/RemovingTheMagic for upgrade instructions.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@2809 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-05-02 01:31:56 +00:00
Adrian Holovaty b9e40b14bc Renamed OneToOne to OneToOneRel to be consistent with ManyToManyRel
git-svn-id: http://code.djangoproject.com/svn/django/trunk@2650 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-04-10 03:35:56 +00:00
Adrian Holovaty b8d8aca5fd Renamed ManyToOne to ManyToOneRel to be consistent with ManyToManyRel
git-svn-id: http://code.djangoproject.com/svn/django/trunk@2649 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-04-10 03:34:47 +00:00
Adrian Holovaty e3e271ff92 Fixed #1600 -- Renamed ManyToMany to ManyToManyRel so people get a clearer error if they use ManyToMany instead of ManyToManyField
git-svn-id: http://code.djangoproject.com/svn/django/trunk@2648 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-04-10 03:32:38 +00:00
Jacob Kaplan-Moss eeb848bdbd Fixed #889 (Thanks, Tom Tobin)
git-svn-id: http://code.djangoproject.com/svn/django/trunk@2415 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-02-27 19:13:41 +00:00
Adrian Holovaty c14e692952 Fixed #1250 -- Fixed NameError when trying to delete without related object permissions in admin interface. Thanks, oggie rob
git-svn-id: http://code.djangoproject.com/svn/django/trunk@2327 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-02-17 18:20:15 +00:00
Adrian Holovaty c4ab08a7a5 Added missing 'staff_member_required' decorator to change_stage() admin view
git-svn-id: http://code.djangoproject.com/svn/django/trunk@2009 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-01-16 18:49:24 +00:00
Adrian Holovaty 09da166609 Fixed #615 -- Admin views now use escape() instead of strip_tags(). Thanks, Sune Kirkeby
git-svn-id: http://code.djangoproject.com/svn/django/trunk@1982 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-01-15 06:28:41 +00:00
Adrian Holovaty ceb558c277 Fixed #1196 -- Admin deletion step no longer assumes related objects have primary key named 'id'. Thanks, oggie rob
git-svn-id: http://code.djangoproject.com/svn/django/trunk@1973 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2006-01-15 06:01:35 +00:00
Adrian Holovaty d971b31695 Fixed #1092 -- Fixed behavior for query-string overrides in admin forms
git-svn-id: http://code.djangoproject.com/svn/django/trunk@1758 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2005-12-21 03:37:31 +00:00
Adrian Holovaty 800cac7e31 Negligible refactoring in django.core.meta.fields and django.contrib.admin.views.main. Taken from #1020. Refs #1020
git-svn-id: http://code.djangoproject.com/svn/django/trunk@1591 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2005-12-10 05:32:05 +00:00
Adrian Holovaty dc2daff31f Fixed inconsistent spacing in contrib.admin.views.main
git-svn-id: http://code.djangoproject.com/svn/django/trunk@1574 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2005-12-09 02:16:17 +00:00
Adrian Holovaty 9832abf6b4 Fixed #1022 -- Fixed bug in admin when deleting models with OneToOne. Thanks, Eric Moritz.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@1566 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2005-12-07 23:36:31 +00:00
Adrian Holovaty 54618dc0fe Improved django.contrib.admin.views.main to raise ImproperlyConfigured if admin app isn't in INSTALLED_APPS. This avoids one possibility of an obscure error.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@1551 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2005-12-06 04:55:33 +00:00
Adrian Holovaty 9541d7a7c7 Fixed #251 -- Added OR support to queries, via the new 'complex' DB API keyword argument. Updated docs and added unit tests. Also removed old, undocumented '_or' parameter. Thanks, Hugo.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@1508 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2005-11-30 06:14:05 +00:00
Adrian Holovaty 837435a08a Small simplification to request.GET.items() call in contrib.admin.views.main. Thanks, Kieran
git-svn-id: http://code.djangoproject.com/svn/django/trunk@1507 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2005-11-30 05:34:51 +00:00