summaryrefslogtreecommitdiff
path: root/django/contrib/admin/options.py
diff options
context:
space:
mode:
authorLuke Plant <L.Plant.98@cantab.net>2011-01-28 14:08:25 +0000
committerLuke Plant <L.Plant.98@cantab.net>2011-01-28 14:08:25 +0000
commitc24bdf044ba23f2aa09ea4637a368ea86fd1c128 (patch)
tree9e9afcb8dc6803205570e5e047539537528b9ea8 /django/contrib/admin/options.py
parent22eaf77f9d3541e007d3e1b6292710bb6a016dff (diff)
Fixed #15103 - SuspiciousOperation with limit_choices_to and raw_id_fields
Thanks to natrius for the report. This patch also fixes some unicode bugs in affected code. git-svn-id: http://code.djangoproject.com/svn/django/trunk@15347 bcc190cf-cafb-0310-a4f2-bffc1f526a37
Diffstat (limited to 'django/contrib/admin/options.py')
-rw-r--r--django/contrib/admin/options.py12
1 files changed, 10 insertions, 2 deletions
diff --git a/django/contrib/admin/options.py b/django/contrib/admin/options.py
index 4ad21eb42b..db445247d2 100644
--- a/django/contrib/admin/options.py
+++ b/django/contrib/admin/options.py
@@ -205,7 +205,16 @@ class BaseModelAdmin(object):
qs = qs.order_by(*ordering)
return qs
- def lookup_allowed(self, lookup):
+ def lookup_allowed(self, lookup, value):
+ model = self.model
+ # Check FKey lookups that are allowed, so that popups produced by
+ # ForeignKeyRawIdWidget, on the basis of ForeignKey.limit_choices_to,
+ # are allowed to work.
+ for l in model._meta.related_fkey_lookups:
+ for k, v in widgets.url_params_from_lookup_dict(l).items():
+ if k == lookup and v == value:
+ return True
+
parts = lookup.split(LOOKUP_SEP)
# Last term in lookup is a query term (__exact, __startswith etc)
@@ -217,7 +226,6 @@ class BaseModelAdmin(object):
# if foo has been specificially included in the lookup list; so
# drop __id if it is the last part. However, first we need to find
# the pk attribute name.
- model = self.model
pk_attr_name = None
for part in parts[:-1]:
field, _, _, _ = model._meta.get_field_by_name(part)