ContentType update could cascade deletes to generic foreign keys, causing data loss
|Reported by:||Kenneth Arnold||Owned by:||nobody|
|Severity:||Keywords:||contenttype, delete, cascade|
|Has patch:||yes||Needs documentation:||no|
|Needs tests:||no||Patch needs improvement:||no|
Imagine that you change the name of a model. contrib/contenttypes/management.py has logic to remove unused content types. It does this by calling
ct.delete(). The delete will cascade to any other models that reference that
ContentType. If you have generic foreign key, this could cause any items that referred to the old table to get deleted. At least you lose the admin log, which could be valuable audit data; you could also lose any data (like votes) that applied to the old object that you haven't yet ported over -- and unless you're running syncdb doubly verbose, you'd never notice.
I hope this bug is invalid and the delete doesn't actually cascade, or something makes sure things are never deleted first. But I noticed this because of a Postgres
IntegrityError upon that hook trying to delete a
ContentType that was still referenced by the admin log. I don't recall the exact error text, but what I Googled was "django_content_type still referenced".
Change History (15)
comment:1 Changed 7 years ago by
|Patch needs improvement:||unset|
|Status:||new → closed|