[Django] #19538: __admin_media_prefix__ in admin templates

Sat, 29 Dec 2012 20:33:30 -0800 

#19538: __admin_media_prefix__ in admin templates
-------------------------------+-------------------------------
     Reporter:  andrew@…       |      Owner:  nobody
         Type:  Uncategorized  |     Status:  new
    Component:  Uncategorized  |    Version:  1.4
     Severity:  Normal         |   Keywords:  admin S3 DateTime
 Triage Stage:  Unreviewed     |  Has patch:  0
Easy pickings:  0              |      UI/UX:  0
-------------------------------+-------------------------------
 contrib/admin/templates/admin/base.html contains the line:
 <script type="text/javascript">window.__admin_media_prefix__ = "{% filter
 escapejs %}{% static "admin/" %}{% endfilter %}";</script>

 The __admin_media_prefix__ is used in
 contrib/admin/static/admin/js/admin/DateTimeShortcuts.js to form URLs by
 concatenation:
 DateTimeShortcuts.admin_media_prefix + 'img/icon_clock.gif'

 This causes a problem with certain storage backends (such as S3 Boto)
 which include authentication digests as part of the URL. For instance,
 when using the S3 Boto backend, my admin renders the following line:
 <script type="text/javascript">window.__admin_media_prefix__ =
 
"https://oca3\u002Dqa.s3.amazonaws.com/admin?Signature\u003DXIt%2FCc9wPWjaw%2F3ITNjkYE3bc%2FI%3D\u0026Expires\u003D1356844210\u0026AWSAccessKeyId\u003DAKIAIGREZ7J53KZ23QKQ";;</script>

 Which, when concatenated with the fixed string generates the invalid URL:
 
https://oca3\u002Dqa.s3.amazonaws.com/admin?Signature\u003DXIt%2FCc9wPWjaw%2F3ITNjkYE3bc%2FI%3D\u0026Expires\u003D1356844210\u0026AWSAccessKeyId\u003DAKIAIGREZ7J53KZ23QKQimg/icon_clock.gif

 I suspect that the assumption the DateTime widget is relying on ({% static
 a+b %} should be equivelant to {% static a %}b) is invalid, and it should
 be using a more robust method to determine the static URL of its
 resources. The DateTime widget appears to be the only element depending on
 __admin_media_prefix__, and thus the only one to fail when switching to a
 backend that doesn't support its assumption.

-- 
Ticket URL: <https://code.djangoproject.com/ticket/19538>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To post to this group, send email to django-updates@googlegroups.com.
To unsubscribe from this group, send email to 
django-updates+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

Reply via email to