Opened 5 years ago

Closed 5 months ago

#13383 closed Bug (duplicate)

Querysets should only allow the correct model types to be filtered against

Reported by: SmileyChris Owned by:
Component: Database layer (models, ORM) Version: master
Severity: Normal Keywords:
Cc: Triage Stage: Accepted
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

Here's a simple example of what is allowed at the moment. It seems that this should throw an exception for the last line:

In [1]: from django.contrib.auth.models import *


In [3]: u = User.objects.all()[0]


In [5]: m = Message.objects.create(user=u, message='test')

In [6]: m.pk, u.pk
Out[6]: (1, 1)


In [10]: User.objects.filter(message=m)
Out[10]: [<User: chris_b>]

In [11]: User.objects.filter(message=u)
Out[11]: [<User: chris_b>]

Change History (12)

comment:1 Changed 5 years ago by Alex

  • milestone set to 1.3
  • Needs documentation unset
  • Needs tests unset
  • Patch needs improvement unset
  • Triage Stage changed from Unreviewed to Accepted

comment:2 Changed 5 years ago by anonymous

  • Owner changed from nobody to anonymous
  • Status changed from new to assigned

It seems last line wil not throw an exception but returns empty list

u = User.objects.all()[0]
m = Message.objects.create(user=u, message='test')
m

<Message: test>

u

<User: admin>

User.objects.filter(message=m)

[<User: admin>]

User.objects.filter(message=u)

[]

comment:3 Changed 5 years ago by SmileyChris

It depends on the primary key of your user, hence my line 6 output in the initial description showing they both have the id of 1

comment:4 Changed 5 years ago by aviraldg

  • Owner changed from anonymous to aviraldg
  • Status changed from assigned to new

comment:5 Changed 5 years ago by aviraldg

  • Owner aviraldg deleted

comment:6 Changed 4 years ago by karahello

  • Owner set to karahello

comment:7 Changed 4 years ago by julien

  • Severity set to Normal
  • Type set to Bug

comment:8 Changed 4 years ago by karahello

  • Owner karahello deleted

comment:9 Changed 4 years ago by jacob

  • milestone 1.3 deleted

Milestone 1.3 deleted

comment:11 Changed 3 years ago by aaugustin

  • UI/UX unset

Change UI/UX from NULL to False.

comment:12 Changed 3 years ago by aaugustin

  • Easy pickings unset

Change Easy pickings from NULL to False.

comment:13 Changed 5 months ago by claudep

  • Resolution set to duplicate
  • Status changed from new to closed

Fixed in #14334

Note: See TracTickets for help on using tickets.
Back to Top