Last active
August 29, 2015 14:02
-
-
Save thnee/8e7c6b22f350582efe57 to your computer and use it in GitHub Desktop.
ModelMultipleChoiceField does not check all data types properly
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| https://code.djangoproject.com/ticket/22808 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from django.db import models | |
| class Color(models.Model): | |
| name = models.CharField(max_length=255) | |
| def __unicode__(self): | |
| return self.name | |
| class Shirt(models.Model): | |
| name = models.CharField(max_length=255) | |
| colors = models.ManyToManyField(Color) | |
| def __unicode__(self): | |
| return self.name |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from django import forms | |
| from .models import Shirt | |
| class ShirtForm(forms.ModelForm): | |
| class Meta: | |
| model = Shirt |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from django.conf.urls import patterns, include, url | |
| from . import views | |
| urlpatterns = patterns('', | |
| url(r'^$', views.test), | |
| ) |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from django.shortcuts import render | |
| from django.http import HttpResponse | |
| from .forms import ShirtForm | |
| def test(request): | |
| def run_form(data): | |
| form = ShirtForm(data) | |
| if form.is_valid(): | |
| print 'success' | |
| else: | |
| print dict(form.errors) | |
| # color id is integer (and 1 exists in database) | |
| run_form({'name': 'foo', 'colors': [1,]}) | |
| # result: success | |
| # color id is of type string | |
| run_form({'name': 'foo', 'colors': ['asdf',]}) | |
| # result: {'colors': [u'"asdf" is not a valid value for a primary key.']} | |
| # color id is of type list | |
| run_form({'name': 'foo', 'colors': [['asdf'],]}) | |
| # expected result: {'colors': [u'["asdf"] is not a valid value for a primary key.']} | |
| # actual result: TypeError: int() argument must be a string or a number, not 'list' | |
| # color id is of type dict | |
| run_form({'name': 'foo', 'colors': [{'asdf': 'qwer'},]}) | |
| # expected result: {'colors': [u'{"asdf": "qwer"} is not a valid value for a primary key.']} | |
| # actual result: TypeError: int() argument must be a string or a number, not 'dict' | |
| return HttpResponse('buzzbomb') |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Traceback (most recent call last): | |
| File "/usr/lib/python2.7/wsgiref/handlers.py", line 85, in run | |
| self.result = application(self.environ, self.start_response) | |
| File "/home/mattiasll01/.virtualenvs/test/local/lib/python2.7/site-packages/django/contrib/staticfiles/handlers.py", line 67, in __call__ | |
| return self.application(environ, start_response) | |
| File "/home/mattiasll01/.virtualenvs/test/local/lib/python2.7/site-packages/django/core/handlers/wsgi.py", line 206, in __call__ | |
| response = self.get_response(request) | |
| File "/home/mattiasll01/.virtualenvs/test/local/lib/python2.7/site-packages/django/core/handlers/base.py", line 194, in get_response | |
| response = self.handle_uncaught_exception(request, resolver, sys.exc_info()) | |
| File "/home/mattiasll01/.virtualenvs/test/local/lib/python2.7/site-packages/django/core/handlers/base.py", line 112, in get_response | |
| response = wrapped_callback(request, *callback_args, **callback_kwargs) | |
| File "/home/mattiasll01/code/tests/model_multiple_choice_field_check_type/mmcfct/stuff/views.py", line 26, in test | |
| run_form({'name': 'foo', 'colors': [['asdf'],]}) | |
| File "/home/mattiasll01/code/tests/model_multiple_choice_field_check_type/mmcfct/stuff/views.py", line 12, in run_form | |
| if form.is_valid(): | |
| File "/home/mattiasll01/.virtualenvs/test/local/lib/python2.7/site-packages/django/forms/forms.py", line 129, in is_valid | |
| return self.is_bound and not bool(self.errors) | |
| File "/home/mattiasll01/.virtualenvs/test/local/lib/python2.7/site-packages/django/forms/forms.py", line 121, in errors | |
| self.full_clean() | |
| File "/home/mattiasll01/.virtualenvs/test/local/lib/python2.7/site-packages/django/forms/forms.py", line 273, in full_clean | |
| self._clean_fields() | |
| File "/home/mattiasll01/.virtualenvs/test/local/lib/python2.7/site-packages/django/forms/forms.py", line 288, in _clean_fields | |
| value = field.clean(value) | |
| File "/home/mattiasll01/.virtualenvs/test/local/lib/python2.7/site-packages/django/forms/models.py", line 1186, in clean | |
| self.queryset.filter(**{key: pk}) | |
| File "/home/mattiasll01/.virtualenvs/test/local/lib/python2.7/site-packages/django/db/models/query.py", line 593, in filter | |
| return self._filter_or_exclude(False, *args, **kwargs) | |
| File "/home/mattiasll01/.virtualenvs/test/local/lib/python2.7/site-packages/django/db/models/query.py", line 611, in _filter_or_exclude | |
| clone.query.add_q(Q(*args, **kwargs)) | |
| File "/home/mattiasll01/.virtualenvs/test/local/lib/python2.7/site-packages/django/db/models/sql/query.py", line 1204, in add_q | |
| clause = self._add_q(where_part, used_aliases) | |
| File "/home/mattiasll01/.virtualenvs/test/local/lib/python2.7/site-packages/django/db/models/sql/query.py", line 1240, in _add_q | |
| current_negated=current_negated) | |
| File "/home/mattiasll01/.virtualenvs/test/local/lib/python2.7/site-packages/django/db/models/sql/query.py", line 1131, in build_filter | |
| clause.add(constraint, AND) | |
| File "/home/mattiasll01/.virtualenvs/test/local/lib/python2.7/site-packages/django/utils/tree.py", line 104, in add | |
| data = self._prepare_data(data) | |
| File "/home/mattiasll01/.virtualenvs/test/local/lib/python2.7/site-packages/django/db/models/sql/where.py", line 79, in _prepare_data | |
| value = obj.prepare(lookup_type, value) | |
| File "/home/mattiasll01/.virtualenvs/test/local/lib/python2.7/site-packages/django/db/models/sql/where.py", line 352, in prepare | |
| return self.field.get_prep_lookup(lookup_type, value) | |
| File "/home/mattiasll01/.virtualenvs/test/local/lib/python2.7/site-packages/django/db/models/fields/__init__.py", line 369, in get_prep_lookup | |
| return self.get_prep_value(value) | |
| File "/home/mattiasll01/.virtualenvs/test/local/lib/python2.7/site-packages/django/db/models/fields/__init__.py", line 613, in get_prep_value | |
| return int(value) | |
| TypeError: int() argument must be a string or a number, not 'list' |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment