From a875f612e0ae84c2084d0b6230ffafe32a9777c8 Mon Sep 17 00:00:00 2001
From: Marc Tamlyn
Date: Mon, 16 Jul 2012 23:26:31 +0100
Subject: [PATCH] Fixed #18634 -- Don't escape variables in the context for startproject/startapp.

The & symbols which can come up in the secret key were being escaped to &.
---
 django/core/management/templates.py | 2 +-
 .../project_template/additional_dir/extra.py | 1 +
 .../management/commands/custom_startproject.py | 11 +++++++++++
 tests/regressiontests/admin_scripts/tests.py | 18 ++++++++++++++++++
 4 files changed, 31 insertions(+), 1 deletion(-)
 create mode 100644 tests/regressiontests/admin_scripts/custom_templates/project_template/additional_dir/extra.py
 create mode 100644 tests/regressiontests/admin_scripts/management/commands/custom_startproject.py

diff --git a/django/core/management/templates.py b/django/core/management/templates.py
index 2bf2f661fd..52d0e5c89d 100644
--- a/django/core/management/templates.py
+++ b/django/core/management/templates.py
@@ -115,7 +115,7 @@ class TemplateCommand(BaseCommand):
 context = Context(dict(options, **{
 base_name: name,
 base_directory: top_dir,
- }))
+ }), autoescape=False)
 
 # Setup a stub settings environment for template rendering
 from django.conf import settings
diff --git a/tests/regressiontests/admin_scripts/custom_templates/project_template/additional_dir/extra.py b/tests/regressiontests/admin_scripts/custom_templates/project_template/additional_dir/extra.py
new file mode 100644
index 0000000000..6b553f190f
--- /dev/null
+++ b/tests/regressiontests/admin_scripts/custom_templates/project_template/additional_dir/extra.py
@@ -0,0 +1 @@
+# this file uses the {{ extra }} variable
diff --git a/tests/regressiontests/admin_scripts/management/commands/custom_startproject.py b/tests/regressiontests/admin_scripts/management/commands/custom_startproject.py
new file mode 100644
index 0000000000..80c6d6b805
--- /dev/null
+++ b/tests/regressiontests/admin_scripts/management/commands/custom_startproject.py
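Review bot: The `autoescape=False` added to the `Context(...)` call in `TemplateCommand` carries no comment saying why escaping is off, so a later reader could take it for an oversight and switch it back on. I would put `# Rendered files are source code, not HTML: autoescaping would turn '&' in the secret key into '&amp;'.` directly above the call. Every context value, including command options such as the `--extra` one this patch adds for its test, now reaches the generated files verbatim, so the command's documentation should say that a project template emitting HTML, or placing a variable inside a quoted string, has to apply the `escape` filter or its own quoting. The enclosing method starts and ends outside the hunk, so whether the values are validated before this point cannot be seen here.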
@@ -0,0 +1,11 @@
+from optparse import make_option
+
+from django.core.management.commands.startproject import Command as BaseCommand
+
+
+class Command(BaseCommand):
+ option_list = BaseCommand.option_list + (
+ make_option('--extra',
+ action='store', dest='extra',
+ help='An arbitrary extra value passed to the context'),
+ )
diff --git a/tests/regressiontests/admin_scripts/tests.py b/tests/regressiontests/admin_scripts/tests.py
index ecb16df53a..546fa7d79c 100644
--- a/tests/regressiontests/admin_scripts/tests.py
+++ b/tests/regressiontests/admin_scripts/tests.py
@@ -1541,6 +1541,24 @@ class StartProject(LiveServerTestCase, AdminScriptTestCase):
 self.assertIn("project_name = 'another_project'", content)
 self.assertIn("project_directory = '%s'" % testproject_dir, content)
 
+ def test_no_escaping_of_project_variables(self):
+ "Make sure template context variables are not html escaped"
+ # We're using a custom command so we need the alternate settings
+ self.write_settings('alternate_settings.py')
+ template_path = os.path.join(test_dir, 'admin_scripts', 'custom_templates', 'project_template')
+ args = ['custom_startproject', '--template', template_path, 'another_project', 'project_dir', '--extra', '<&>', '--settings=alternate_settings']
+ testproject_dir = os.path.join(test_dir, 'project_dir')
+ os.mkdir(testproject_dir)
+ out, err = self.run_manage(args)
+ self.addCleanup(shutil.rmtree, testproject_dir)
+ self.assertNoOutput(err)
+ test_manage_py = os.path.join(testproject_dir, 'additional_dir', 'extra.py')
+ with open(test_manage_py, 'r') as fp:
+ content = fp.read()
+ self.assertIn("<&>", content)
+ # tidy up alternate settings
+ self.remove_settings('alternate_settings.py')
+
 def test_custom_project_destination_missing(self):
 """
 Make sure an exception is raised when the provided
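Review bot: The cleanup in `test_no_escaping_of_project_variables` is not failure-safe: `self.remove_settings('alternate_settings.py')` is the last statement, so any failing assertion above it leaves the settings file behind, and `self.addCleanup(shutil.rmtree, testproject_dir)` is registered only after `run_manage`, so an exception there leaves `project_dir` on disk for the next test. Registering both right after creation keeps the tests isolated: `self.addCleanup(self.remove_settings, 'alternate_settings.py')` after `write_settings`, and the existing `addCleanup` line moved directly under `os.mkdir(testproject_dir)`. The local `test_manage_py` holds the path to `extra.py`, so a name such as `extra_path` would read more accurately. The value `<&>` does not cover quote characters, which HTML escaping also rewrites; extending it with `'` and `"` would pin the unescaped behaviour more completely.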