Opened 15 years ago
Closed 15 years ago
#12154 closed (duplicate)
ModelChoiceField cleanup raises uncaught ValueError
| Field | Value | Field | Value |
|---|---|---|---|
| Reported by: | Patryk Zawadzki | Owned by: | nobody |
| Component: | Forms | Version: | 1.1 |
| Severity: | | Keywords: | |
| Cc: | | Triage Stage: | Unreviewed |
| Has patch: | no | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
If a user submits a non-integer value for a ModelChoiceField, Django tries to stick it into SQL and dies while trying to convert it to int().
Using an input fuzzer to test the forms resulted in me getting tens of "500 internal server error" emails.
```
Traceback (most recent call last):
  File "/usr/lib/python2.6/site-packages/Django-1.1-py2.6.egg/django/forms/forms.py", line 120, in is_valid
    return self.is_bound and not bool(self.errors)
  File "/usr/lib/python2.6/site-packages/Django-1.1-py2.6.egg/django/forms/forms.py", line 111, in _get_errors
    self.full_clean()
  File "/usr/lib/python2.6/site-packages/Django-1.1-py2.6.egg/django/forms/forms.py", line 240, in full_clean
    value = field.clean(value)
  File "/usr/lib/python2.6/site-packages/Django-1.1-py2.6.egg/django/forms/models.py", line 993, in clean
    value = self.queryset.get(**{key: value})
  File "/usr/lib/python2.6/site-packages/Django-1.1-py2.6.egg/django/db/models/query.py", line 299, in get
    clone = self.filter(*args, **kwargs)
  File "/usr/lib/python2.6/site-packages/Django-1.1-py2.6.egg/django/db/models/query.py", line 498, in filter
    return self._filter_or_exclude(False, *args, **kwargs)
  File "/usr/lib/python2.6/site-packages/Django-1.1-py2.6.egg/django/db/models/query.py", line 516, in _filter_or_exclude
    clone.query.add_q(Q(*args, **kwargs))
  File "/usr/lib/python2.6/site-packages/Django-1.1-py2.6.egg/django/db/models/sql/query.py", line 1675, in add_q
    can_reuse=used_aliases)
  File "/usr/lib/python2.6/site-packages/Django-1.1-py2.6.egg/django/db/models/sql/query.py", line 1614, in add_filter
    connector)
  File "/usr/lib/python2.6/site-packages/Django-1.1-py2.6.egg/django/db/models/sql/where.py", line 56, in add
    obj, params = obj.process(lookup_type, value)
  File "/usr/lib/python2.6/site-packages/Django-1.1-py2.6.egg/django/db/models/sql/where.py", line 269, in process
    params = self.field.get_db_prep_lookup(lookup_type, value)
  File "/usr/lib/python2.6/site-packages/Django-1.1-py2.6.egg/django/db/models/fields/__init__.py", line 210, in get_db_prep_lookup
    return [self.get_db_prep_value(value)]
  File "/usr/lib/python2.6/site-packages/Django-1.1-py2.6.egg/django/db/models/fields/__init__.py", line 361, in get_db_prep_value
    return int(value)
ValueError: invalid literal for int() with base 10: '1234567890x'
```
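As an added illustration (not Django's code and not part of this ticket): a self-contained stand-in for the field's clean() in the shape the traceback shows, where the int() coercion happens inside the lookup and only DoesNotExist is handled, beside a hardened clean() that reports the coercion failure as a validation error, plus a small check that lists which submitted values still escape as uncaught exceptions. The queryset class, the sample rows and all function names are constructed for this example.

```python
class ValidationError(Exception):
    """Error a form reports to the user instead of a server-side crash."""
    def __init__(self, message, code=None):
        super().__init__(message)
        self.code = code

class DoesNotExist(Exception):
    pass

class IntPkQuerySet:
    """Constructed stand-in for a queryset over rows with an integer pk."""
    def __init__(self, rows):
        self._rows = {row["pk"]: row for row in rows}

    def get(self, pk):
        key = int(pk)  # same coercion as get_db_prep_value() in the traceback
        if key not in self._rows:
            raise DoesNotExist(pk)
        return self._rows[key]

def clean_unhardened(queryset, value):
    """clean() as in the ticket: DoesNotExist is handled, ValueError escapes."""
    try:
        return queryset.get(pk=value)
    except DoesNotExist:
        raise ValidationError("Select a valid choice.", code="invalid_choice")

def clean_hardened(queryset, value):
    """Hardened clean(): a failed coercion is a validation error, not a 500."""
    try:
        return queryset.get(pk=value)
    except (ValueError, TypeError, DoesNotExist):
        raise ValidationError("Select a valid choice.", code="invalid_choice")

def uncaught_inputs(clean, queryset, values):
    """Check: which inputs make clean() raise something other than ValidationError?"""
    escaped = []
    for value in values:
        try:
            clean(queryset, value)
        except ValidationError:
            continue
        except Exception:  # anything else would surface as a 500 in production
            escaped.append(value)
    return escaped

SAMPLE_ROWS = [{"pk": 1, "name": "alpha"}, {"pk": 2, "name": "beta"}]  # constructed

if __name__ == "__main__":
    qs = IntPkQuerySet(SAMPLE_ROWS)
    print(uncaught_inputs(clean_unhardened, qs, ["1", "1234567890x"]))  # ['1234567890x']
```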
Duplicate of #9209