django1/django
Gary Wilson Jr 38d972b9ec Fixed #5880 -- Fixed an XSS hole in the admin interface.
* Escaped text that gets sent after saving the admin foreignkey popup form.
* Added quotes around the second argument passed to `opener.dismissAddAnotherPopup` to make the function also work when a text field is used as the primary key.
* Added a `html_unescape` JavaScript function to unescape the strings passed in to the `dismissAddAnotherPopup` function so that the added choice displays correctly in the dropdown box.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@6691 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2007-11-18 06:51:20 +00:00
..
bin Fixed #3955 -- Handled the case when there is no LOCALE_PATHS setting from [6349]. Thanks, Wang Chun and semenov. 2007-10-03 03:19:14 +00:00
conf Fixed #5933 -- Updated Polish translation from Jarek Zgoda. 2007-11-15 09:17:53 +00:00
contrib Fixed #5880 -- Fixed an XSS hole in the admin interface. 2007-11-18 06:51:20 +00:00
core Fixed #5898 -- Changed a few response processing paths to make things harder to get wrong and easier to get right. Previous behaviour wasn't buggy, but it was harder to use than necessary. 2007-11-11 03:55:44 +00:00
db Added the small changes necessary to make creating custom model fields easier. 2007-11-05 13:59:42 +00:00
dispatch Fixed #5664 -- Added a Jython workaround for some assumptions in the signal 2007-10-21 18:26:24 +00:00
forms Changed django.forms to remove duplicate code and import from django.oldforms instead 2006-12-22 01:44:34 +00:00
http Fixed #5898 -- Changed a few response processing paths to make things harder to get wrong and easier to get right. Previous behaviour wasn't buggy, but it was harder to use than necessary. 2007-11-11 03:55:44 +00:00
middleware Fixed #5898 -- Changed a few response processing paths to make things harder to get wrong and easier to get right. Previous behaviour wasn't buggy, but it was harder to use than necessary. 2007-11-11 03:55:44 +00:00
newforms Implemented auto-escaping of variable output in templates. Fully controllable by template authors and it's possible to write filters and templates that simultaneously work in both auto-escaped and non-auto-escaped environments if you need to. Fixed #2359 2007-11-14 12:58:53 +00:00
oldforms Implemented auto-escaping of variable output in templates. Fully controllable by template authors and it's possible to write filters and templates that simultaneously work in both auto-escaped and non-auto-escaped environments if you need to. Fixed #2359 2007-11-14 12:58:53 +00:00
shortcuts Fixed #5483 -- Removed django.shortcuts.load_and_render, which was replaced a long time ago 2007-09-15 04:52:48 +00:00
template Fixed #5945 -- Treat string literals in template filter arguments as safe 2007-11-17 12:11:26 +00:00
templatetags Fixed #5969 -- Corrected a problem introduced in [6682]. 2007-11-18 03:36:03 +00:00
test Fixed #5898 -- Changed a few response processing paths to make things harder to get wrong and easier to get right. Previous behaviour wasn't buggy, but it was harder to use than necessary. 2007-11-11 03:55:44 +00:00
utils Fixed #5960 -- Fixed some Python 2.3 incompatibilities. 2007-11-17 12:58:06 +00:00
views Implemented auto-escaping of variable output in templates. Fully controllable by template authors and it's possible to write filters and templates that simultaneously work in both auto-escaped and non-auto-escaped environments if you need to. Fixed #2359 2007-11-14 12:58:53 +00:00
__init__.py Fixed #5215 -- Added Subversion revision number to Django version string. Thanks for the patch, Deryck Hodge 2007-08-21 03:08:02 +00:00