Django

Code

Ticket #6209 (closed: fixed)

Opened 1 year ago

Last modified 3 months ago

FormPreview never passes security_hash validation when a BooleanField is set to False

Reported by: yimogod@gmail.com Assigned to: rokclimb15
Milestone: 1.0 Component: django.contrib.formtools
Version: SVN Keywords: preview form
Cc: dablak@gmail.com, rbreathe@brookes.ac.uk, rajesh.dhawan@gmail.com, dev@sitedesign.net, bthomas@ncircle.com Triage Stage: Accepted
Has patch: 1 Needs documentation: 0
Needs tests: 1 Patch needs improvement: 1

Description

when you give a boolean field in Form preview, and you give the boolean field "False" value, Django will not commit correctly. First, if i press "preview" button, it will preview my form content correctly, but next i press "submit" button, Django give the boolean field "True" value unexpected, and stay at this page. Next, i press "submit" button again in this page(now the boolean field has "True" value), Django can commit correctly...

this is my model 

class TestPreForm(models.Model):
  test = models.CharField(max_length=20, null=True, blank=True)
  is_test = models.BooleanField(default=False)

this my views 

class TestPreFormPreview(FormPreview):
  def done(self, request, cleaned_data):
    _test = cleaned_data['test']
    _is_test = cleaned_data['is_test']
    TestPreForm.objects.create(test = _test, is_test = _is_test)  
    return render_to_response('preform/form_ok.html', {'test':_test, 'is_test':_is_test})

this is my urls 

(r'^preform/preview/$', TestPreFormPreview(forms.models.form_for_model(TestPreForm))),

Attachments

patch-#6209.diff (4.8 kB) - added by rajeshdhawan on 07/18/08 08:35:01.
Patch fixes issue and adds a unit test for this case
ticket-6209-r8231.diff (4.9 kB) - added by mcroydon on 08/08/08 11:24:49.
Updated rajeshdhawan's patch to apply cleanly against r8231
patch-#6209-preview_wizard.diff (7.8 kB) - added by rajeshdhawan on 08/20/08 10:42:31.
Revised patch to share security hash implementation between preview and wizard

Change History

02/06/08 04:22:01 changed by dablak

  • cc set to dablak@gmail.com.
  • needs_better_patch changed.
  • needs_tests changed.
  • needs_docs changed.

02/06/08 04:22:39 changed by dablak

  • needs_tests set to 1.

02/06/08 05:16:33 changed by oyvind

Is this in latest trunk? Can you add a paste of the preview form html to dpaste? This should be handled correctly, if the hidden field has the value 'True' or 'False'

03/17/08 11:01:37 changed by guettli

  • status changed from new to closed.
  • resolution set to invalid.
  • needs_tests deleted.

Original poster was asked for more information. No feedback since 6 weeks. Closing it. Please reopen if the bug is still in the latest trunk and more information is given.

07/14/08 06:45:34 changed by rbreathe@brookes.ac.uk

  • cc changed from dablak@gmail.com to dablak@gmail.com, rbreathe@brookes.ac.uk.
  • status changed from closed to reopened.
  • resolution deleted.

I've also hit this problem.

I have a field, beta_test = BooleanField(required=False).

When I submit the form with the checkbox unticked, the preview renders as I expect: the template snippet "{% if form.beta_test.data %}True{% else %}False{% endif %}, {{ form.beta_test.data }}" renders as "False, False".

However, when I confirm the submission, the preview page is re-rendered, the previous snippet rendering "True, False"; the contents of the <form>, with the exception of the hash field, are identical but for the ordering of attributes within the various <input> fields.

If the field is ticked for the original preview, the submission works as expected first time (the preview snippet producing "True, on").

07/14/08 08:37:31 changed by Robin Breathe <rbreathe@brookes.ac.uk>

  • milestone set to 1.0 alpha.

07/14/08 19:31:08 changed by ElliottM

  • stage changed from Unreviewed to Accepted.

07/14/08 19:32:27 changed by ElliottM

  • summary changed from when you give a boolean field in Form preview, and you give the boolean field "False" value, Django will not commit rightly to FormPreview never passes security_hash validation when a BooleanField is set to False.

07/15/08 09:32:11 changed by ElliottM

  • milestone changed from 1.0 alpha to 1.0.

07/17/08 16:25:29 changed by rajeshdhawan

  • cc changed from dablak@gmail.com, rbreathe@brookes.ac.uk to dablak@gmail.com, rbreathe@brookes.ac.uk, rajesh.dhawan@gmail.com.
  • owner changed from nobody to rajeshdhawan.
  • status changed from reopened to new.

I'll take a crack at this.

07/18/08 08:35:01 changed by rajeshdhawan

  • attachment patch-#6209.diff added.

Patch fixes issue and adds a unit test for this case

07/18/08 08:36:38 changed by rajeshdhawan

  • has_patch set to 1.
  • needs_tests set to 1.

08/08/08 10:44:40 changed by mcroydon

  • owner changed from rajeshdhawan to mcroydon.
  • status changed from new to assigned.

08/08/08 11:24:49 changed by mcroydon

  • attachment ticket-6209-r8231.diff added.

Updated rajeshdhawan's patch to apply cleanly against r8231

08/08/08 11:37:51 changed by mcroydon

  • owner changed from mcroydon to nobody.
  • status changed from assigned to new.

08/11/08 03:13:39 changed by adamjforster

  • cc changed from dablak@gmail.com, rbreathe@brookes.ac.uk, rajesh.dhawan@gmail.com to dablak@gmail.com, rbreathe@brookes.ac.uk, rajesh.dhawan@gmail.com, dev@sitedesign.net.

08/19/08 10:55:38 changed by bthomas

  • cc changed from dablak@gmail.com, rbreathe@brookes.ac.uk, rajesh.dhawan@gmail.com, dev@sitedesign.net to dablak@gmail.com, rbreathe@brookes.ac.uk, rajesh.dhawan@gmail.com, dev@sitedesign.net, bthomas@ncircle.com.
  • needs_better_patch set to 1.

Ticket #7038 was marked as a duplicate of this, but will not be fixed unless security_hash in wizard.py is patched as well. Maybe the fixed version of security_hash should be moved elsewhere so both FormPreview? and FormWizard? can share it. Either the patch for this ticket needs to fix FormWizard? as well, or #7038 needs to be reopened.

08/20/08 10:42:31 changed by rajeshdhawan

  • attachment patch-#6209-preview_wizard.diff added.

Revised patch to share security hash implementation between preview and wizard

08/20/08 21:10:44 changed by rokclimb15

  • owner changed from nobody to rokclimb15.
  • status changed from new to assigned.

Latest patch works very nicely for me. Thanks everyone.

08/26/08 15:19:14 changed by jacob

  • status changed from assigned to closed.
  • resolution set to fixed.

(In [8597]) Fixed #6209: handle BooleanFields in FormPreview and FormWizard. In the process, broke the the security hash calculation out to a helper function. Thanks to mcroydon and rajeshdhawan.

Add/Change #6209 (FormPreview never passes security_hash validation when a BooleanField is set to False)




Change Properties
Action