diff options
| author | Luke Plant <L.Plant.98@cantab.net> | 2011-01-28 14:08:25 +0000 |
|---|---|---|
| committer | Luke Plant <L.Plant.98@cantab.net> | 2011-01-28 14:08:25 +0000 |
| commit | c24bdf044ba23f2aa09ea4637a368ea86fd1c128 (patch) | |
| tree | 9e9afcb8dc6803205570e5e047539537528b9ea8 /django/contrib/admin/views | |
| parent | 22eaf77f9d3541e007d3e1b6292710bb6a016dff (diff) | |
Fixed #15103 - SuspiciousOperation with limit_choices_to and raw_id_fields
Thanks to natrius for the report.
This patch also fixes some unicode bugs in affected code.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15347 bcc190cf-cafb-0310-a4f2-bffc1f526a37
Diffstat (limited to 'django/contrib/admin/views')
| -rw-r--r-- | django/contrib/admin/views/main.py | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/django/contrib/admin/views/main.py b/django/contrib/admin/views/main.py index 886ccd9be7..00ab9fed21 100644 --- a/django/contrib/admin/views/main.py +++ b/django/contrib/admin/views/main.py @@ -183,16 +183,18 @@ class ChangeList(object): # if key ends with __in, split parameter into separate values if key.endswith('__in'): - lookup_params[key] = value.split(',') + value = value.split(',') + lookup_params[key] = value # if key ends with __isnull, special case '' and false if key.endswith('__isnull'): if value.lower() in ('', 'false'): - lookup_params[key] = False + value = False else: - lookup_params[key] = True + value = True + lookup_params[key] = value - if not self.model_admin.lookup_allowed(key): + if not self.model_admin.lookup_allowed(key, value): raise SuspiciousOperation( "Filtering by %s not allowed" % key ) |
