ModelMultipleChoiceField does not properly check if value is valid
ModelMultipleChoiceField does try to check if value is valid by doing a query here: https://github.com/django/django/blob/stable/1.6.x/django/forms/models.py#L1185
However, it only cathes ValueError, assuming that filter() is capable of even using the value.
If the value is a weird data type like list or dict, the call to filter throws TypeError.
ModelMultipleChoiceField.clean should catch TypeError, in addition to ValueError, on line 1187.
Here is gist with a complete minimal app that demonstrates how this can happen: https://gist.github.com/thnee/8e7c6b22f350582efe57/
Specifically the file: 4. views.py.
It is tested with 1.6.5, using 100% default settings in a clean test project.
Change History
(9)
| Cc: |
maxime.turcotte@… added
|
| Easy pickings: |
set
|
| Version: |
1.5 → 1.6
|
| Keywords: |
afraid-to-commit added
|
| Triage Stage: |
Unreviewed → Accepted
|
| Owner: |
changed from nobody to Niclas Olofsson
|
| Status: |
new → assigned
|
| Has patch: |
set
|
| Needs tests: |
unset
|
| Resolution: |
→ fixed
|
| Status: |
assigned → closed
|
Hi,
Looking at
django/forms/fields.py, it seems that there is precedent for catching(ValueError, TypeError)so I think it makes sense.The same error seems to be present in
ModelChoiceFieldso both should be fixed as part of this ticket.Thanks.