summaryrefslogtreecommitdiff
path: root/django/contrib/admin/views
diff options
context:
space:
mode:
authorLuke Plant <L.Plant.98@cantab.net>2011-01-28 14:08:25 +0000
committerLuke Plant <L.Plant.98@cantab.net>2011-01-28 14:08:25 +0000
commitc24bdf044ba23f2aa09ea4637a368ea86fd1c128 (patch)
tree9e9afcb8dc6803205570e5e047539537528b9ea8 /django/contrib/admin/views
parent22eaf77f9d3541e007d3e1b6292710bb6a016dff (diff)
Fixed #15103 - SuspiciousOperation with limit_choices_to and raw_id_fields
Thanks to natrius for the report. This patch also fixes some unicode bugs in affected code. git-svn-id: http://code.djangoproject.com/svn/django/trunk@15347 bcc190cf-cafb-0310-a4f2-bffc1f526a37
Diffstat (limited to 'django/contrib/admin/views')
-rw-r--r--django/contrib/admin/views/main.py10
1 files changed, 6 insertions, 4 deletions
diff --git a/django/contrib/admin/views/main.py b/django/contrib/admin/views/main.py
index 886ccd9be7..00ab9fed21 100644
--- a/django/contrib/admin/views/main.py
+++ b/django/contrib/admin/views/main.py
@@ -183,16 +183,18 @@ class ChangeList(object):
# if key ends with __in, split parameter into separate values
if key.endswith('__in'):
- lookup_params[key] = value.split(',')
+ value = value.split(',')
+ lookup_params[key] = value
# if key ends with __isnull, special case '' and false
if key.endswith('__isnull'):
if value.lower() in ('', 'false'):
- lookup_params[key] = False
+ value = False
else:
- lookup_params[key] = True
+ value = True
+ lookup_params[key] = value
- if not self.model_admin.lookup_allowed(key):
+ if not self.model_admin.lookup_allowed(key, value):
raise SuspiciousOperation(
"Filtering by %s not allowed" % key
)