
Ticket #9336: 9336.diff

File 9336.diff, 1.5 KB (added by bthomas, 5 years ago)

Sanitize input correctly in value_from_datadict

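--- a/django/forms/widgets.py
+++ b/django/forms/widgets.py
@@ -381,7 +381,8 @@
             # A missing value means False because HTML form submission does not
             # send results for unselected checkboxes.
             return False
-        return super(CheckboxInput, self).value_from_datadict(data, files, name)
+        value = data.get(name)
+        return {'True': True, 'False': False}.get(value, value)
 
     def _has_changed(self, initial, data):
         # Sometimes data or initial could be None or u'' which should be the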
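Review bot: The lookup `{'True': True, 'False': False}.get(value, value)` runs on whatever `data.get(name)` returns, so an unhashable value (a list, if `data` is a plain dict rather than a QueryDict) would raise TypeError instead of being passed through. The match is also exact, so other client-supplied strings such as 'false' or '0' are returned unchanged and remain truthy non-empty strings for any caller that tests the result directly. Guard the mapping with a type check and explain it in a comment, e.g. `# Translate the strings a browser or API client submits into real booleans.` followed by `if isinstance(value, basestring): value = {'True': True, 'False': False}.get(value, value)` and `return value`. The enclosing value_from_datadict starts above the hunk, so only the tail of its missing-key branch is visible here.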
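--- a/tests/regressiontests/forms/forms.py
+++ b/tests/regressiontests/forms/forms.py
@@ -295,6 +295,16 @@
 >>> print f['get_spam']
 <input checked="checked" type="checkbox" name="get_spam" />
 
+'True' should be rendered without a value attribute
+>>> f = SignupForm({'email': 'test@example.com', 'get_spam': 'True'}, auto_id=False)
+>>> print f['get_spam']
+<input checked="checked" type="checkbox" name="get_spam" />
+
+A value of 'False' should be rendered unchecked
+>>> f = SignupForm({'email': 'test@example.com', 'get_spam': 'False'}, auto_id=False)
+>>> print f['get_spam']
+<input type="checkbox" name="get_spam" />
+
 Any Field can have a Widget class passed to its constructor:
 >>> class ContactForm(Form):
 ...     subject = CharField()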
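Review bot: The two added doctests pin only the exact strings 'True' and 'False', so nothing records what the widget renders when a submitted value falls through the new mapping unchanged. A third case with some other string (for example lowercase 'false', a constructed sample) would show whether it is rendered checked and whether it is echoed into a `value` attribute. A test that calls `value_from_datadict` directly would also check the return type, which rendering alone does not show.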