Opened 5 years ago

Closed 5 years ago

#12154 closed (duplicate)

ModelChoiceField cleanup raises uncaught ValueError

Reported by: patrys Owned by: nobody
Component: Forms Version: 1.1
Severity: Keywords:
Cc: Triage Stage: Unreviewed
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: UI/UX:


If a user submits a non-integer value for a ModelChoiceField, Django tries to stick it into SQL and dies while trying to convert it to int().

Using an input fuzzer to test the forms resulted in me getting tens of "500 internal server error" emails.

Traceback (most recent call last):

 File "/usr/lib/python2.6/site-packages/Django-1.1-py2.6.egg/django/forms/", line 120, in is_valid
   return self.is_bound and not bool(self.errors)

 File "/usr/lib/python2.6/site-packages/Django-1.1-py2.6.egg/django/forms/", line 111, in _get_errors

 File "/usr/lib/python2.6/site-packages/Django-1.1-py2.6.egg/django/forms/", line 240, in full_clean
   value = field.clean(value)

 File "/usr/lib/python2.6/site-packages/Django-1.1-py2.6.egg/django/forms/", line 993, in clean
   value = self.queryset.get(**{key: value})

 File "/usr/lib/python2.6/site-packages/Django-1.1-py2.6.egg/django/db/models/", line 299, in get
   clone = self.filter(*args, **kwargs)

 File "/usr/lib/python2.6/site-packages/Django-1.1-py2.6.egg/django/db/models/", line 498, in filter
   return self._filter_or_exclude(False, *args, **kwargs)

 File "/usr/lib/python2.6/site-packages/Django-1.1-py2.6.egg/django/db/models/", line 516, in _filter_or_exclude
   clone.query.add_q(Q(*args, **kwargs))

 File "/usr/lib/python2.6/site-packages/Django-1.1-py2.6.egg/django/db/models/sql/", line 1675, in add_q

 File "/usr/lib/python2.6/site-packages/Django-1.1-py2.6.egg/django/db/models/sql/", line 1614, in add_filter

 File "/usr/lib/python2.6/site-packages/Django-1.1-py2.6.egg/django/db/models/sql/", line 56, in add
   obj, params = obj.process(lookup_type, value)

 File "/usr/lib/python2.6/site-packages/Django-1.1-py2.6.egg/django/db/models/sql/", line 269, in process
   params = self.field.get_db_prep_lookup(lookup_type, value)

 File "/usr/lib/python2.6/site-packages/Django-1.1-py2.6.egg/django/db/models/fields/", line 210, in get_db_prep_lookup
   return [self.get_db_prep_value(value)]

 File "/usr/lib/python2.6/site-packages/Django-1.1-py2.6.egg/django/db/models/fields/", line 361, in get_db_prep_value
   return int(value)

ValueError: invalid literal for int() with base 10: '1234567890x'

Change History (1)

comment:1 Changed 5 years ago by mauve

  • Needs documentation unset
  • Needs tests unset
  • Patch needs improvement unset
  • Resolution set to duplicate
  • Status changed from new to closed

Duplicate of #9209

Note: See TracTickets for help on using tickets.
Back to Top