diff --git a/CHANGELOG.txt b/CHANGELOG.txt index fe56c11d80..93215b5a53 100644 --- a/CHANGELOG.txt +++ b/CHANGELOG.txt @@ -49,6 +49,7 @@ Changelog * Fix: Styles for submission filtering form now have a consistent height. (Thijs Kramer) * Fix: Custom user models with a primary key type requiring `get_db_prep_value` conversion are now supported (thenewguy) * Fix: Slicing a search result set no longer loses the annotation added by `annotate_score` (Karl Hobley) + * Fix: String-based primary keys are now escaped correctly in ModelAdmin URLs (Andreas Nüßlein) 1.9 (16.02.2017) diff --git a/docs/releases/1.10.rst b/docs/releases/1.10.rst index 01e0d2bbfc..58ff150ad7 100644 --- a/docs/releases/1.10.rst +++ b/docs/releases/1.10.rst @@ -60,6 +60,7 @@ Bug fixes * The page type usage listing now have a translatable page title (Ramon de Jezus) * Styles for submission filtering form now have a consistent height. (Thijs Kramer) * Slicing a search result set no longer loses the annotation added by `annotate_score` (Karl Hobley) + * String-based primary keys are now escaped correctly in ModelAdmin URLs (Andreas Nüßlein) Upgrade considerations diff --git a/wagtail/contrib/modeladmin/helpers/button.py b/wagtail/contrib/modeladmin/helpers/button.py index 6d90e0f416..f26252f0d5 100644 --- a/wagtail/contrib/modeladmin/helpers/button.py +++ b/wagtail/contrib/modeladmin/helpers/button.py @@ -98,7 +98,7 @@ class ButtonHelper(object): classnames_exclude = [] ph = self.permission_helper usr = self.request.user - pk = quote(getattr(obj, self.opts.pk.attname)) + pk = getattr(obj, self.opts.pk.attname) btns = [] if('inspect' not in exclude and ph.user_can_inspect_obj(usr, obj)): btns.append( @@ -158,7 +158,7 @@ class PageButtonHelper(ButtonHelper): classnames_exclude = [] ph = self.permission_helper usr = self.request.user - pk = quote(getattr(obj, self.opts.pk.attname)) + pk = getattr(obj, self.opts.pk.attname) btns = [] if('inspect' not in exclude and ph.user_can_inspect_obj(usr, obj)): btns.append( diff --git a/wagtail/contrib/modeladmin/tests/test_simple_modeladmin.py b/wagtail/contrib/modeladmin/tests/test_simple_modeladmin.py index 8ef5ec5968..032bd3f0f4 100644 --- a/wagtail/contrib/modeladmin/tests/test_simple_modeladmin.py +++ b/wagtail/contrib/modeladmin/tests/test_simple_modeladmin.py @@ -5,7 +5,7 @@ from django.contrib.auth import get_user_model from django.contrib.auth.models import Group from django.test import TestCase -from wagtail.tests.modeladmintest.models import Author, Book, Publisher +from wagtail.tests.modeladmintest.models import Author, Book, Publisher, Token from wagtail.tests.utils import WagtailTestUtils from wagtail.wagtailimages.models import Image from wagtail.wagtailimages.tests.utils import get_test_image_file @@ -461,3 +461,26 @@ class TestEditorAccess(TestCase): def test_delete_post_permitted(self): response = self.client.post('/admin/modeladmintest/book/delete/2/') self.assertEqual(response.status_code, self.expected_status_code) + + +class TestQuoting(TestCase, WagtailTestUtils): + fixtures = ['modeladmintest_test.json'] + expected_status_code = 200 + + def setUp(self): + self.login() + self.tok_reg = Token.objects.create(key="RegularName") + self.tok_irr = Token.objects.create(key="Irregular_Name") + + def test_action_links(self): + response = self.client.get('/admin/modeladmintest/token/') + + self.assertContains(response, 'href="/admin/modeladmintest/token/edit/RegularName/"') + self.assertContains(response, 'href="/admin/modeladmintest/token/delete/RegularName/"') + self.assertContains(response, 'href="/admin/modeladmintest/token/edit/Irregular_5FName/"') + self.assertContains(response, 'href="/admin/modeladmintest/token/delete/Irregular_5FName/"') + + response = self.client.get('/admin/modeladmintest/token/edit/Irregular_5FName/') + self.assertEqual(response.status_code, 200) + response = self.client.get('/admin/modeladmintest/token/delete/Irregular_5FName/') + self.assertEqual(response.status_code, 200)