#6209 closed (fixed)
FormPreview never passes security_hash validation when a BooleanField is set to False
Reported by: | Owned by: | rokclimb15 | |
---|---|---|---|
Component: | contrib.formtools | Version: | dev |
Severity: | Keywords: | preview form | |
Cc: | dablak@…, rbreathe@…, rajesh.dhawan@…, dev@…, bthomas@… | Triage Stage: | Accepted |
Has patch: | yes | Needs documentation: | no |
Needs tests: | yes | Patch needs improvement: | yes |
Easy pickings: | no | UI/UX: | no |
Description
when you give a boolean field in Form preview, and you give the boolean field "False" value, Django will not commit correctly.
First, if i press "preview" button, it will preview my form content correctly, but next i press "submit" button, Django give the boolean
field "True" value unexpected, and stay at this page. Next, i press "submit" button again in this page(now the boolean field has "True" value), Django can commit correctly...
this is my model
class TestPreForm(models.Model): test = models.CharField(max_length=20, null=True, blank=True) is_test = models.BooleanField(default=False)
this my views
class TestPreFormPreview(FormPreview): def done(self, request, cleaned_data): _test = cleaned_data['test'] _is_test = cleaned_data['is_test'] TestPreForm.objects.create(test = _test, is_test = _is_test) return render_to_response('preform/form_ok.html', {'test':_test, 'is_test':_is_test})
this is my urls
(r'^preform/preview/$', TestPreFormPreview(forms.models.form_for_model(TestPreForm))),
Attachments (3)
Change History (21)
comment:1 by , 17 years ago
Cc: | added |
---|
comment:2 by , 17 years ago
Needs tests: | set |
---|
comment:3 by , 17 years ago
comment:4 by , 17 years ago
Needs tests: | unset |
---|---|
Resolution: | → invalid |
Status: | new → closed |
Original poster was asked for more information. No feedback since 6 weeks. Closing it. Please reopen if the bug
is still in the latest trunk and more information is given.
comment:5 by , 16 years ago
Cc: | added |
---|---|
Resolution: | invalid |
Status: | closed → reopened |
I've also hit this problem.
I have a field, beta_test = BooleanField(required=False)
.
When I submit the form with the checkbox unticked, the preview renders as I expect: the template snippet "{% if form.beta_test.data %}True{% else %}False{% endif %}, {{ form.beta_test.data }}
" renders as "False, False
".
However, when I confirm the submission, the preview page is re-rendered, the previous snippet rendering "True, False
"; the contents of the <form>
, with the exception of the hash
field, are identical but for the ordering of attributes within the various <input>
fields.
If the field is ticked for the original preview, the submission works as expected first time (the preview snippet producing "True, on
").
comment:6 by , 16 years ago
milestone: | → 1.0 alpha |
---|
comment:7 by , 16 years ago
Triage Stage: | Unreviewed → Accepted |
---|
comment:8 by , 16 years ago
Summary: | when you give a boolean field in Form preview, and you give the boolean field "False" value, Django will not commit rightly → FormPreview never passes security_hash validation when a BooleanField is set to False |
---|
comment:9 by , 16 years ago
milestone: | 1.0 alpha → 1.0 |
---|
comment:10 by , 16 years ago
Cc: | added |
---|---|
Owner: | changed from | to
Status: | reopened → new |
I'll take a crack at this.
by , 16 years ago
Attachment: | patch-#6209.diff added |
---|
Patch fixes issue and adds a unit test for this case
comment:11 by , 16 years ago
Has patch: | set |
---|---|
Needs tests: | set |
comment:12 by , 16 years ago
Owner: | changed from | to
---|---|
Status: | new → assigned |
by , 16 years ago
Attachment: | ticket-6209-r8231.diff added |
---|
Updated rajeshdhawan's patch to apply cleanly against r8231
comment:13 by , 16 years ago
Owner: | changed from | to
---|---|
Status: | assigned → new |
comment:14 by , 16 years ago
Cc: | added |
---|
comment:15 by , 16 years ago
Cc: | added |
---|---|
Patch needs improvement: | set |
Ticket #7038 was marked as a duplicate of this, but will not be fixed unless security_hash in wizard.py is patched as well. Maybe the fixed version of security_hash should be moved elsewhere so both FormPreview and FormWizard can share it. Either the patch for this ticket needs to fix FormWizard as well, or #7038 needs to be reopened.
by , 16 years ago
Attachment: | patch-#6209-preview_wizard.diff added |
---|
Revised patch to share security hash implementation between preview and wizard
comment:16 by , 16 years ago
Owner: | changed from | to
---|---|
Status: | new → assigned |
Latest patch works very nicely for me. Thanks everyone.
comment:17 by , 16 years ago
Resolution: | → fixed |
---|---|
Status: | assigned → closed |
Is this in latest trunk? Can you add a paste of the preview form html to dpaste? This should be handled correctly, if the hidden field has the value 'True' or 'False'