Code

Opened 3 years ago

Closed 2 years ago

Last modified 2 years ago

#16168 closed Cleanup/optimization (fixed)

Form validation is bypassed on Admin Inline ModelForms that define extra fields

Reported by: izzaddin.ruhulessin@… Owned by: nobody
Component: Documentation Version: master
Severity: Normal Keywords: validation, modelforms
Cc: Triage Stage: Accepted
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: yes UI/UX: no

Description

When defining extra/overridden fields on modelforms, validation is bypassed. This can lead to errors under some circumstances.

For example, you have a model 'Book' that defines a ForeignKey to 'Author' named 'author'. On your ModelForm you replace this field by a CharField (or some other type) for whatever reason.

On submitting an invalid form, a ValueError will be raised complaining that the datatype is incorrect.

My proposed solution is overriding ModelForm._post_clean():

class ModelForm(BaseModelForm):

    def _post_clean(self):
        if len(self._errors) == 0:
            super(ModelForm, self)._post_clean()
        

Attachments (2)

16168.diff (673 bytes) - added by PieterSwinkels 3 years ago.
changes to the documentation
16168_v2.diff (694 bytes) - added by krzysiumed 3 years ago.

Download all attachments as: .zip

Change History (10)

comment:1 Changed 3 years ago by melinath

  • Component changed from Forms to Documentation
  • Needs documentation set
  • Needs tests unset
  • Patch needs improvement unset
  • Triage Stage changed from Unreviewed to Accepted
  • Type changed from Bug to Cleanup/optimization
  • Version changed from 1.2 to SVN

This does happen in svn as well. However, the problem is not that validation is being bypassed; because of the invalid input type from the form field, the attempt to construct an instance fails loudly. There is no way to get around this cleanly - it's a programming error, not a problem with django. The most we could do would be to add a note to the docs about the dangers of not mimicking data type conversion when overriding fields.

comment:2 Changed 3 years ago by PieterSwinkels

  • UI/UX unset

DjangoCon Europe 2011 sprint: commenced work on this ticket

Changed 3 years ago by PieterSwinkels

changes to the documentation

comment:3 Changed 3 years ago by PieterSwinkels

I have attached a diff with (I hope) the requested documentation changes.

comment:4 Changed 3 years ago by Odd_Bloke

  • Has patch set

comment:5 Changed 3 years ago by melinath

  • Patch needs improvement set

Looks okay to me, but it needs appropriate rst markup (backticks around ValueError is all that I see missing.)

Changed 3 years ago by krzysiumed

comment:6 Changed 3 years ago by krzysiumed

  • Needs documentation unset
  • Patch needs improvement unset

I added backticks around ValueError in PieterSwinkels patch.

comment:7 Changed 2 years ago by Tim Graham <timograham@…>

  • Resolution set to fixed
  • Status changed from new to closed

In [ebbc414d1729f24e395ee050a62276229c59d75d]:

Fixed #16168 - Added note regarding type requirements when overridng ModelForm fields.

Thanks Pieter Swinkels for the patch.

comment:8 Changed 2 years ago by Tim Graham <timograham@…>

In [a276bdebb2e8ef4619d0cb9a02b0b9f4f73ee998]:

[1.4.X] Fixed #16168 - Added note regarding type requirements when overridng ModelForm fields.

Thanks Pieter Swinkels for the patch.

Backport of ebbc414d17 from master

Add Comment

Modify Ticket

Change Properties
<Author field>
Action
as closed
as The resolution will be set. Next status will be 'closed'
The resolution will be deleted. Next status will be 'new'
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.