Opened 2 months ago

Closed 2 months ago

Last modified 2 months ago

#35172 closed Bug (fixed)

intcomma adds leading comma for string-based 3-digit number with at least 1 decimal place.

Reported by: Warwick Brown Owned by: Mariusz Felisiak
Component: contrib.humanize Version: 3.2
Severity: Release blocker Keywords: humanize intcomma comma decimal places
Cc: Natalia Bidart, Adam Johnson Triage Stage: Accepted
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

I'm running (4, 2, 10, 'final', 0)

Just discovered that the patch to intcomma made in CVE-2024-24680 is causing numbers to appear with a leading comma when they're 3 digits (ie between 100 and 999) with at least 1 decimal place

In [34]: intcomma('111')
Out[34]: '111'

In [35]: intcomma('111.1')
Out[35]: ',111.1'

In [36]: intcomma('99.1')
Out[36]: '99.1'

In [37]: intcomma('999.1')
Out[37]: ',999.1'

I note there doesn't appear to be a test in tests/humanize_tests/tests.py for the case of a string "111.1"

I encountered this because I use {{ price|floatformat:2|intcomma }} in templates, thus floatformat is providing a string to intcomma.

Change History (10)

comment:1 by Warwick Brown, 2 months ago

Type: UncategorizedBug

comment:2 by Mariusz Felisiak, 2 months ago

Cc: Natalia Bidart Adam Johnson added
Severity: NormalRelease blocker
Summary: intcomma patch in CVE-2024-24680 causing leading comma when provided string-based 3-digit number with at least 1 decimal placeintcomma adds leading comma for string-based 3-digit number with at least 1 decimal place.
Triage Stage: UnreviewedAccepted
Version: 4.23.2

Great catch! Thanks for the report.

Regression in 55519d6cf8998fe4c8f5c8abffc2b10a7c3d14e9.

comment:3 by Mariusz Felisiak, 2 months ago

Owner: changed from nobody to Mariusz Felisiak
Status: newassigned

comment:4 by Mariusz Felisiak, 2 months ago

Has patch: set
Needs documentation: set

comment:5 by Mariusz Felisiak, 2 months ago

Needs documentation: unset

comment:6 by GitHub <noreply@…>, 2 months ago

Resolution: fixed
Status: assignedclosed

In 2f14c2ce:

Fixed #35172 -- Fixed intcomma for string floats.

Thanks Warwick Brown for the report.

Regression in 55519d6cf8998fe4c8f5c8abffc2b10a7c3d14e9.

comment:7 by Mariusz Felisiak <felisiak.mariusz@…>, 2 months ago

In c22075af:

[5.0.x] Fixed #35172 -- Fixed intcomma for string floats.

Thanks Warwick Brown for the report.

Regression in 55519d6cf8998fe4c8f5c8abffc2b10a7c3d14e9.
Backport of 2f14c2cedc9c92373471c1f98a80c81ba299584a from main

comment:8 by Mariusz Felisiak <felisiak.mariusz@…>, 2 months ago

In cb173bb0:

[4.2.x] Fixed #35172 -- Fixed intcomma for string floats.

Thanks Warwick Brown for the report.

Regression in 55519d6cf8998fe4c8f5c8abffc2b10a7c3d14e9.

Backport of 2f14c2cedc9c92373471c1f98a80c81ba299584a from main.

comment:9 by Mariusz Felisiak <felisiak.mariusz@…>, 2 months ago

In fc41af69:

[3.2.x] Fixed #35172 -- Fixed intcomma for string floats.

Thanks Warwick Brown for the report.

Regression in 55519d6cf8998fe4c8f5c8abffc2b10a7c3d14e9.

Backport of 2f14c2cedc9c92373471c1f98a80c81ba299584a from main.

comment:10 by Adam Johnson, 2 months ago

Ah, well caught, thank you very much!

Note: See TracTickets for help on using tickets.
Back to Top