Opened 4 years ago
Closed 4 years ago
#31459 closed Cleanup/optimization (fixed)
URL path parameter regex too lenient.
| Reported by: | Adam Johnson | Owned by: | Adam Johnson |
|---|---|---|---|
| Component: | Core (URLs) | Version: | dev |
| Severity: | Normal | Keywords: | |
| Cc: | Triage Stage: | Ready for checkin | |
| Has patch: | yes | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description (last modified by )
A user on the Django forum tried to configure a URL like books/<int:book.id>/. This was successfully parsed as a URL, but no converters applied.
This is because the left hand side of the regex for finding path parameter syntax looks for converter names with "anything not a colon or >". But the right hand side matches only word characters.
If we matched "anything not a >", then the attempted parameter would have been matched, and "book.id" would have hit the guard we have for invalid identifiers, with a message like:
"URL route 'books/<int:book.id>/' uses parameter name 'book.id' which isn't a valid Python identifier."
Change History (5)
comment:1 by , 4 years ago
| Has patch: | set |
|---|
comment:2 by , 4 years ago
| Description: | modified (diff) |
|---|---|
| Owner: | changed from to |
| Summary: | URL path parameter regex too lenient → URL path parameter regex too lenient. |
| Triage Stage: | Unreviewed → Accepted |
comment:3 by , 4 years ago
| Type: | Bug → Cleanup/optimization |
|---|
comment:4 by , 4 years ago
| Triage Stage: | Accepted → Ready for checkin |
|---|
Note:
See TracTickets
for help on using tickets.
PR