← Back to branch summary

~ubuntu-branches/ubuntu/quantal/python-django/quantal-security

« back to all changes in this revision

Viewing changes to django/contrib/admin/templatetags/admin_list.py

  • Committer: Bazaar Package Importer
  • Author(s): Jamie Strandboge
  • Date: 2010-10-12 11:34:35 UTC
  • mfrom: (4.4.9 sid)
  • mto: This revision was merged to the branch mainline in revision 30.
  • Revision ID: james.westby@ubuntu.com-20101012113435-5rk3p18nyanuhj6g
* SECURITY UPDATE: XSS in CSRF protections. New upstream release
  - CVE-2010-3082
* debian/patches/01_disable_url_verify_regression_tests.diff:
  - updated to disable another test that fails without internet connection
  - patch based on work by Kai Kasurinen and Krzysztof Klimonda
* debian/control: don't Build-Depends on locales-all, which doesn't exist
  in maverick

Show diffs side-by-side

added added

removed removed

Lines of Context:
django/contrib/admin/templatetags/admin_list.py
189
189
            else:
190
190
                result_repr = conditional_escape(result_repr)
191
191
            yield mark_safe(u'<td%s>%s</td>' % (row_class, result_repr))
192
 
    if form:
 
192
    if form and not form[cl.model._meta.pk.name].is_hidden:
193
193
        yield mark_safe(u'<td>%s</td>' % force_unicode(form[cl.model._meta.pk.name]))
194
194
 
195
195
def results(cl):
200
200
        for res in cl.result_list:
201
201
            yield list(items_for_result(cl, res, None))
202
202
 
 
203
def result_hidden_fields(cl):
 
204
    if cl.formset:
 
205
        for res, form in zip(cl.result_list, cl.formset.forms):
 
206
            if form[cl.model._meta.pk.name].is_hidden:
 
207
                yield mark_safe(force_unicode(form[cl.model._meta.pk.name]))
 
208
 
203
209
def result_list(cl):
204
210
    """
205
211
    Displays the headers and data list together
206
212
    """
207
213
    return {'cl': cl,
 
214
            'result_hidden_fields': list(result_hidden_fields(cl)),
208
215
            'result_headers': list(result_headers(cl)),
209
216
            'results': list(results(cl))}
210
217
result_list = register.inclusion_tag("admin/change_list_results.html")(result_list)