Opened 6 years ago

Closed 21 months ago

#13383 closed Bug (duplicate)

Querysets should only allow the correct model types to be filtered against

Reported by: Chris Beaven Owned by:
Component: Database layer (models, ORM) Version: master
Severity: Normal Keywords:
Cc: Triage Stage: Accepted
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

Here's a simple example of what is allowed at the moment. It seems that this should throw an exception for the last line:

In [1]: from django.contrib.auth.models import *


In [3]: u = User.objects.all()[0]


In [5]: m = Message.objects.create(user=u, message='test')

In [6]: m.pk, u.pk
Out[6]: (1, 1)


In [10]: User.objects.filter(message=m)
Out[10]: [<User: chris_b>]

In [11]: User.objects.filter(message=u)
Out[11]: [<User: chris_b>]

Change History (12)

comment:1 Changed 6 years ago by Alex Gaynor

milestone: 1.3
Needs documentation: unset
Needs tests: unset
Patch needs improvement: unset
Triage Stage: UnreviewedAccepted

comment:2 Changed 6 years ago by anonymous

Owner: changed from nobody to anonymous
Status: newassigned

It seems last line wil not throw an exception but returns empty list

u = User.objects.all()[0]
m = Message.objects.create(user=u, message='test')
m

<Message: test>

u

<User: admin>

User.objects.filter(message=m)

[<User: admin>]

User.objects.filter(message=u)

[]

comment:3 Changed 6 years ago by Chris Beaven

It depends on the primary key of your user, hence my line 6 output in the initial description showing they both have the id of 1

comment:4 Changed 6 years ago by Aviral Dasgupta

Owner: changed from anonymous to Aviral Dasgupta
Status: assignednew

comment:5 Changed 6 years ago by Aviral Dasgupta

Owner: Aviral Dasgupta deleted

comment:6 Changed 6 years ago by Hello Ok

Owner: set to Hello Ok

comment:7 Changed 5 years ago by Julien Phalip

Severity: Normal
Type: Bug

comment:8 Changed 5 years ago by Hello Ok

Owner: Hello Ok deleted

comment:9 Changed 5 years ago by Jacob

milestone: 1.3

Milestone 1.3 deleted

comment:11 Changed 5 years ago by Aymeric Augustin

UI/UX: unset

Change UI/UX from NULL to False.

comment:12 Changed 5 years ago by Aymeric Augustin

Easy pickings: unset

Change Easy pickings from NULL to False.

comment:13 Changed 21 months ago by Claude Paroz

Resolution: duplicate
Status: newclosed

Fixed in #14334

Note: See TracTickets for help on using tickets.
Back to Top