[1.2.X] Fixed #13765 - 'safe' parameter for urlencode filter (759625cd) · Commits · Dom Sekotill / django

django/template/defaultfilters.py

+13 −3

Original line number	Diff line number	Diff line
		@@ -291,10 +291,20 @@ def upper(value):
		upper.is_safe = False
		upper = stringfilter(upper)

		def urlencode(value):
		"""Escapes a value for use in a URL."""
		def urlencode(value, safe=None):
		"""
		Escapes a value for use in a URL.

		Takes an optional ``safe`` parameter used to determine the characters which
		should not be escaped by Django's ``urlquote`` method. If not provided, the
		default safe characters will be used (but an empty string can be provided
		when all characters should be escaped).
		"""
		from django.utils.http import urlquote
		return urlquote(value)
		kwargs = {}
		if safe is not None:
		kwargs['safe'] = safe
		return urlquote(value, **kwargs)
		urlencode.is_safe = False
		urlencode = stringfilter(urlencode)

+2 −2

Original line number	Diff line number	Diff line
		@@ -14,7 +14,7 @@ def urlquote(url, safe='/'):
		can safely be used as part of an argument to a subsequent iri_to_uri() call
		without double-quoting occurring.
		"""
		return force_unicode(urllib.quote(smart_str(url), safe))
		return force_unicode(urllib.quote(smart_str(url), smart_str(safe)))

		urlquote = allow_lazy(urlquote, unicode)

		@@ -25,7 +25,7 @@ def urlquote_plus(url, safe=''):
		returned string can safely be used as part of an argument to a subsequent
		iri_to_uri() call without double-quoting occurring.
		"""
		return force_unicode(urllib.quote_plus(smart_str(url), safe))
		return force_unicode(urllib.quote_plus(smart_str(url), smart_str(safe)))
		urlquote_plus = allow_lazy(urlquote_plus, unicode)

		def urlencode(query, doseq=0):

+13 −0

Original line number	Diff line number	Diff line
		@@ -1967,6 +1967,19 @@ For example::
		If ``value`` is ``"http://www.example.org/foo?a=b&c=d"``, the output will be
		``"http%3A//www.example.org/foo%3Fa%3Db%26c%3Dd"``.

		.. versionadded:: 1.1

		An optional argument containing the characters which should not be escaped can
		be provided.

		If not provided, the '/' character is assumed safe. An empty string can be
		provided when all characters should be escaped. For example::

		{{ value\|urlencode:"" }}

		If ``value`` is ``"http://www.example.org/"``, the output will be
		``"http%3A%2F%2Fwww.example.org%2F"``.

		.. templatefilter:: urlize

		urlize

+4 −0

Original line number	Diff line number	Diff line
		@@ -265,6 +265,10 @@ def get_filter_tests():
		'filter-iriencode03': ('{{ url\|iriencode }}', {'url': mark_safe('?test=1&me=2')}, '?test=1&me=2'),
		'filter-iriencode04': ('{% autoescape off %}{{ url\|iriencode }}{% endautoescape %}', {'url': mark_safe('?test=1&me=2')}, '?test=1&me=2'),

		# urlencode
		'filter-urlencode01': ('{{ url\|urlencode }}', {'url': '/test&"/me?/'}, '/test%26%22/me%3F/'),
		'filter-urlencode02': ('/test/{{ urlbit\|urlencode:"" }}/', {'urlbit': 'escape/slash'}, '/test/escape%2Fslash/'),

		# Chaining a bunch of safeness-preserving filters should not alter
		# the safe status either way.
		'chaining01': ('{{ a\|capfirst\|center:"7" }}.{{ b\|capfirst\|center:"7" }}', {"a": "a < b", "b": mark_safe("a < b")}, " A < b . A < b "),