id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
5913	Newforms ModelChoiceField and ModelMultipleChoiceField accepting invalid choices when cleaning	cohcheto@…	nobody	"In this fields clean() method there is no validation if the returned object is actually in the valid choices if the queryset is filtered somehow
{{{
#!python
class ModelChoiceField(ModelChoiceField):
    ...
    def clean(self, value):
        Field.clean(self, value)
        if value in ('', None):
            return None
        try:
            value = self.queryset.model._default_manager.get(pk=value)
        except self.queryset.model.DoesNotExist:
            raise ValidationError(ugettext(u'Select a valid choice. That choice is not one of the available choices.'))
        return value
}}}
Here we check only if there is an instance of that model with pk=value, but not if this object is a valid choice given the queryset
Here is an example lets say we have a model TestModel with attribute test_attribute which is BooleanField:
{{{
>>> from django.newforms.models import ModelChoiceField
>>> from testapp.models import TestModel
>>> ins_1 = TestModel._default_manager.create(test_attribute=True)
>>> ins_2 = TestModel._default_manager.create(test_attribute=False)
>>> field = ModelChoiceField(queryset=TestModel._default_manager.filter(test_attribute=True))
>>> field.clean(ins_1._get_pk_value())
<TestModel: test_attribute - True> # or something like that
>>> field.clean(ins_2._get_pk_value())
<TestModel: test_attribute - False> # this is not a valid choice but it is cleaned like it is
}}}
I provide a patch its simple but probably not the best option its for ModelChoiceField only but its the same for the multiple field"		closed	Forms	dev		fixed	newforms, clean		Accepted	1	0	0	0	0	0