Code

Opened 4 years ago

Closed 4 years ago

Last modified 3 years ago

#13537 closed (duplicate)

changing password in admin with TEMPLATE_STRING_IF_INVALID is broken.

Reported by: david.arakelian@… Owned by: nobody
Component: contrib.admin Version: master
Severity: Keywords: admin password, TEMPLATE_STRING_IF_INVALID
Cc: Triage Stage: Unreviewed
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: yes
Easy pickings: UI/UX:

Description

Running django 1.2 rc 1 SVN-13260 in my settings I have

TEMPLATE_STRING_IF_INVALID = '!invalid var!'

When I try to change the User password (change password form)
I got an exception

You called this URL via POST, but the URL doesn't end in a slash and you have APPEND_SLASH set. Django can't redirect to the slash URL while maintaining POST data. Change your form to point to xxx.com:7777/admin/auth/user/2/password/!Invalid Var!/ (note the trailing slash), or set APPEND_SLASH=False in your Django settings.

It seems that the file :
django/contrib/admin/templates/admin/auth/user/change_password.html is causing this error.
A quick fix will be:

Line 19:

<form action="{% if form_url %}{{ form_url }}{% endif %}" method="post" id="{{ opts.module_name }}_form">{% csrf_token %}{% block form_top %}{% endblock %}

Iinstead of:

<form action="{{ form_url }}" method="post" id="{{ opts.module_name }}_form">{% csrf_token %}{% block form_top %}{% endblock %}

Attachments (0)

Change History (4)

comment:1 Changed 4 years ago by russellm

  • Needs documentation unset
  • Needs tests unset
  • Patch needs improvement unset
  • Resolution set to wontfix
  • Status changed from new to closed

The purpose of TEMPLATE_STRING_IF_INVALID is to help identify template failure. It's not something that should be turned on as a default setting. The documentation already warns about the potential problems that may arise, and this is just one of those problems.

The fix you propose would hide the underlying problem - the fact that you're passing in an invalid value for form_url. This isn't something we should be programatically hiding.

comment:2 Changed 4 years ago by anonymous

  • Patch needs improvement set
  • Resolution wontfix deleted
  • Status changed from closed to reopened

The TEMPLATE_STRING_IF_INVALID is not turned by default I am using for debug purposes.

if DEBUG:
    TEMPLATE_STRING_IF_INVALID = '!Invalid Var!'

I understand that this WILL not fix the ISSUE it is just to locate where the issue is.
So basically you are saying that use the TEMPLATE_STRING_IF_INVALID for template failures (which I am trying to do in debug mode) AND don't use it at the same time?

It means that the django admin will not be able to change password if that setting is used and that's fine for you?

comment:3 Changed 4 years ago by kmtracey

  • Resolution set to duplicate
  • Status changed from reopened to closed

Yes, it is known and documented that admin does not work properly if TEMPLATE_STRING_IF_INVALID is non-empty. Removing admin's dependence on this is tracked by #3579. That is the ticket that should be updated to note this case.

comment:4 Changed 3 years ago by jacob

  • milestone 1.2 deleted

Milestone 1.2 deleted

Add Comment

Modify Ticket

Change Properties
<Author field>
Action
as closed
as The resolution will be set. Next status will be 'closed'
The resolution will be deleted. Next status will be 'new'
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.