Ticket #9336: 9336.diff

File 9336.diff, 1.5 KB (added by bthomas, 6 years ago)

Sanitize input correctly in value_from_datadict

  • django/forms/widgets.py

     
    381381            # A missing value means False because HTML form submission does not
    382382            # send results for unselected checkboxes.
    383383            return False
    384         return super(CheckboxInput, self).value_from_datadict(data, files, name)
     384        value = data.get(name)
     385        return {'True': True, 'False': False}.get(value, value)
    385386
    386387    def _has_changed(self, initial, data):
    387388        # Sometimes data or initial could be None or u'' which should be the
  • tests/regressiontests/forms/forms.py

     
    295295>>> print f['get_spam']
    296296<input checked="checked" type="checkbox" name="get_spam" />
    297297
     298'True' should be rendered without a value attribute
     299>>> f = SignupForm({'email': 'test@example.com', 'get_spam': 'True'}, auto_id=False)
     300>>> print f['get_spam']
     301<input checked="checked" type="checkbox" name="get_spam" />
     302
     303A value of 'False' should be rendered unchecked
     304>>> f = SignupForm({'email': 'test@example.com', 'get_spam': 'False'}, auto_id=False)
     305>>> print f['get_spam']
     306<input type="checkbox" name="get_spam" />
     307
    298308Any Field can have a Widget class passed to its constructor:
    299309>>> class ContactForm(Form):
    300310...     subject = CharField()
Back to Top