Opened 14 years ago

Closed 14 years ago

Last modified 12 years ago

#13537 closed (duplicate)

changing password in admin with TEMPLATE_STRING_IF_INVALID is broken.

Reported by: david.arakelian@… Owned by: nobody
Component: contrib.admin Version: dev
Severity: Keywords: admin password, TEMPLATE_STRING_IF_INVALID
Cc: Triage Stage: Unreviewed
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: yes
Easy pickings: no UI/UX: no

Description

Running django 1.2 rc 1 SVN-13260 in my settings I have

TEMPLATE_STRING_IF_INVALID = '!invalid var!'

When I try to change the User password (change password form)
I got an exception

You called this URL via POST, but the URL doesn't end in a slash and you have APPEND_SLASH set. Django can't redirect to the slash URL while maintaining POST data. Change your form to point to xxx.com:7777/admin/auth/user/2/password/!Invalid Var!/ (note the trailing slash), or set APPEND_SLASH=False in your Django settings.

It seems that the file :
django/contrib/admin/templates/admin/auth/user/change_password.html is causing this error.
A quick fix will be:

Line 19:

<form action="{% if form_url %}{{ form_url }}{% endif %}" method="post" id="{{ opts.module_name }}_form">{% csrf_token %}{% block form_top %}{% endblock %}

Iinstead of:

<form action="{{ form_url }}" method="post" id="{{ opts.module_name }}_form">{% csrf_token %}{% block form_top %}{% endblock %}

Change History (4)

comment:1 by Russell Keith-Magee, 14 years ago

Resolution: wontfix
Status: newclosed

The purpose of TEMPLATE_STRING_IF_INVALID is to help identify template failure. It's not something that should be turned on as a default setting. The documentation already warns about the potential problems that may arise, and this is just one of those problems.

The fix you propose would hide the underlying problem - the fact that you're passing in an invalid value for form_url. This isn't something we should be programatically hiding.

comment:2 by anonymous, 14 years ago

Patch needs improvement: set
Resolution: wontfix
Status: closedreopened

The TEMPLATE_STRING_IF_INVALID is not turned by default I am using for debug purposes.

if DEBUG:
    TEMPLATE_STRING_IF_INVALID = '!Invalid Var!'

I understand that this WILL not fix the ISSUE it is just to locate where the issue is.
So basically you are saying that use the TEMPLATE_STRING_IF_INVALID for template failures (which I am trying to do in debug mode) AND don't use it at the same time?

It means that the django admin will not be able to change password if that setting is used and that's fine for you?

comment:3 by Karen Tracey, 14 years ago

Resolution: duplicate
Status: reopenedclosed

Yes, it is known and documented that admin does not work properly if TEMPLATE_STRING_IF_INVALID is non-empty. Removing admin's dependence on this is tracked by #3579. That is the ticket that should be updated to note this case.

comment:4 by Jacob, 12 years ago

milestone: 1.2

Milestone 1.2 deleted

Note: See TracTickets for help on using tickets.
Back to Top