Escape felter i admin views
rasmusselsmark committed Jan 14, 2024
1 parent 91326e9 commit 72fd6bb
Showing 6 changed files with 19 additions and 14 deletions.
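--- a/members/admin/activity_admin.py
+++ b/members/admin/activity_admin.py
@@ -1,6 +1,7 @@
 from django.contrib import admin
 from django.urls import reverse
 from django.utils.safestring import mark_safe
+from django.utils.html import escape
 
 from members.models import (
 ActivityParticipant,
@@ -133,15 +134,15 @@ def age(self, obj):
 
 def union_link(self, item):
 url = reverse("admin:members_union_change", args=[item.department.union_id])
-link = '<a href="%s">%s</a>' % (url, item.department.union.name)
+link = '<a href="%s">%s</a>' % (url, escape(item.department.union.name))
 return mark_safe(link)
 
 union_link.short_description = "Forening"
 union_link.admin_order_field = "department__union__name"
 
 def department_link(self, item):
 url = reverse("admin:members_department_change", args=[item.department_id])
-link = '<a href="%s">%s</a>' % (url, item.department.name)
+link = '<a href="%s">%s</a>' % (url, escape(item.department.name))
 return mark_safe(link)
 
 department_link.short_description = "Afdeling"
@@ -166,7 +167,7 @@ def seats_free(self, obj):
 def activity_membership_union_link(self, obj):
 if obj.activitytype_id in ["FORENINGSMEDLEMSKAB", "STØTTEMEDLEMSKAB"]:
 url = reverse("admin:members_union_change", args=[obj.union_id])
-link = '<a href="%s">%s</a>' % (url, obj.union.name)
+link = '<a href="%s">%s</a>' % (url, escape(obj.union.name))
 return mark_safe(link)
 else:
 return ""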
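Review bot: In `union_link`, `department_link` and `activity_membership_union_link` the markup is still assembled with `%` and then passed to `mark_safe`, so the output stays safe only as long as every later edit remembers the `escape()` call. Django's `format_html` escapes each argument itself and returns a safe string, e.g. `return format_html('<a href="{}">{}</a>', url, item.department.union.name)`, which removes the need for both the manual `escape()` and the `mark_safe`. The same pattern recurs in the link helpers of activityinvite_admin.py, activityparticipant_admin.py, department_admin.py, union_admin.py and waitinglist_admin.py. A regression test that renders a changelist row whose name contains `<` would pin the behaviour; none is visible in this commit.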
2 changes: 1 addition & 1 deletion members/admin/activityinvite_admin.py
@@ -232,7 +232,7 @@ def activity_department_link(self, item):

def activity_link(self, item):
url = reverse("admin:members_activity_change", args=[item.activity.id])
link = '<a href="%s">%s</a>' % (url, item.activity.name)
link = '<a href="%s">%s</a>' % (url, escape(item.activity.name))
return mark_safe(link)

activity_link.short_description = "Aktivitet"
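Review bot: `activity_link` now calls `escape()`, but this file's section shows 1 addition and 1 deletion and no import hunk, whereas the other five files each add `from django.utils.html import escape`. Unless the module already imports it above line 232 (not visible here), rendering this column raises `NameError`; add `from django.utils.html import escape` next to the existing `mark_safe` import. The rest of the class lies outside the hunk.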
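--- a/members/admin/activityparticipant_admin.py
+++ b/members/admin/activityparticipant_admin.py
@@ -4,6 +4,7 @@
 from django.urls import reverse
 from django.utils import timezone
 from django.utils.safestring import mark_safe
+from django.utils.html import escape
 
 from members.models import (
 Activity,
@@ -254,23 +255,23 @@ def activity_person_gender(self, item):
 
 def activity_person_link(self, item):
 url = reverse("admin:members_person_change", args=[item.person_id])
-link = '<a href="%s">%s</a>' % (url, item.person.name)
+link = '<a href="%s">%s</a>' % (url, escape(item.person.name))
 return mark_safe(link)
 
 activity_person_link.short_description = "Deltager"
 activity_person_link.admin_order_field = "person__name"
 
 def activity_family_email_link(self, item):
 url = reverse("admin:members_family_change", args=[item.person.family_id])
-link = '<a href="%s">%s</a>' % (url, item.person.family.email)
+link = '<a href="%s">%s</a>' % (url, escape(item.person.family.email))
 return mark_safe(link)
 
 activity_family_email_link.short_description = "Familie"
 activity_family_email_link.admin_order_field = "person__family__email"
 
 def activity_link(self, item):
 url = reverse("admin:members_activity_change", args=[item.activity.id])
-link = '<a href="%s">%s</a>' % (url, item.activity.name)
+link = '<a href="%s">%s</a>' % (url, escape(item.activity.name))
 return mark_safe(link)
 
 activity_link.short_description = "Aktivitet"
@@ -280,7 +281,7 @@ def activity_department_link(self, item):
 url = reverse(
 "admin:members_department_change", args=[item.activity.department_id]
 )
-link = '<a href="%s">%s</a>' % (url, item.activity.department.name)
+link = '<a href="%s">%s</a>' % (url, escape(item.activity.department.name))
 return mark_safe(link)
 
 activity_department_link.short_description = "Afdeling"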
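--- a/members/admin/department_admin.py
+++ b/members/admin/department_admin.py
@@ -3,6 +3,7 @@
 from django.urls import reverse
 from django.utils.safestring import mark_safe
 from members.models import Union, Address, Person
+from django.utils.html import escape
 
 
 class UnionDepartmentFilter(admin.SimpleListFilter):
@@ -103,15 +104,15 @@ def get_queryset(self, request):
 
 def department_union_link(self, item):
 url = reverse("admin:members_union_change", args=[item.union_id])
-link = '<a href="%s">%s</a>' % (url, item.union.name)
+link = '<a href="%s">%s</a>' % (url, escape(item.union.name))
 return mark_safe(link)
 
 department_union_link.short_description = "Forening"
 department_union_link.admin_order_field = "union__name"
 
 def department_link(self, item):
 url = reverse("admin:members_department_change", args=[item.id])
-link = '<a href="%s">%s</a>' % (url, escape(item.name))
+link = '<a href="%s">%s</a>' % (url, escape(item.name))
 return mark_safe(link)
 
 department_link.short_description = "Afdeling"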
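Review bot: The new `from django.utils.html import escape` is placed below `from members.models import Union, Address, Person`, so a framework import now follows a project import. Move it up beside `from django.utils.safestring import mark_safe` so the Django imports stay grouped, as in the other files of this commit.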
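--- a/members/admin/union_admin.py
+++ b/members/admin/union_admin.py
@@ -4,6 +4,7 @@
 from django.http import HttpResponse
 from django.urls import reverse
 from django.utils.safestring import mark_safe
+from django.utils.html import escape
 
 from members.models import (
 Address,
@@ -107,7 +108,7 @@ def get_queryset(self, request):
 
 def union_link(self, item):
 url = reverse("admin:members_union_change", args=[item.id])
-link = '<a href="%s">%s</a>' % (url, item.name)
+link = '<a href="%s">%s</a>' % (url, escape(item.name))
 return mark_safe(link)
 
 union_link.short_description = "Forening"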
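--- a/members/admin/waitinglist_admin.py
+++ b/members/admin/waitinglist_admin.py
@@ -7,6 +7,7 @@
 from django.shortcuts import render
 from django.urls import reverse
 from django.utils.safestring import mark_safe
+from django.utils.html import escape
 
 from members.models import (
 Union,
@@ -278,23 +279,23 @@ def get_queryset(self, request):
 
 def union_link(self, item):
 url = reverse("admin:members_union_change", args=[item.id])
-link = '<a href="%s">%s</a>' % (url, item.department.union.name)
+link = '<a href="%s">%s</a>' % (url, escape(item.department.union.name))
 return mark_safe(link)
 
 union_link.short_description = "Forening"
 union_link.admin_order_field = "department__union__name"
 
 def department_link(self, item):
 url = reverse("admin:members_department_change", args=[item.department_id])
-link = '<a href="%s">%s</a>' % (url, item.department.name)
+link = '<a href="%s">%s</a>' % (url, escape(item.department.name))
 return mark_safe(link)
 
 department_link.short_description = "Afdeling"
 department_link.admin_order_field = "department__name"
 
 def person_link(self, item):
 url = reverse("admin:members_person_change", args=[item.person_id])
-link = '<a href="%s">%s</a>' % (url, item.person.name)
+link = '<a href="%s">%s</a>' % (url, escape(item.person.name))
 return mark_safe(link)
 
 person_link.short_description = "Person"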
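Review bot: `union_link` builds its URL with `reverse("admin:members_union_change", args=[item.id])`, which passes the row's own id to the union change view, while the label and `admin_order_field` both go through `item.department.union`. The equivalent helper in activity_admin.py uses `item.department.union_id`; if `item` here is a waiting-list entry, as the field path suggests, the link opens the wrong union or a missing page, and the line should read `url = reverse("admin:members_union_change", args=[item.department.union_id])`. This predates the commit but sits in the function it touches.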
