mirror of
				https://github.com/django/django.git
				synced 2025-10-25 06:36:07 +00:00 
			
		
		
		
	Fixed #9252 -- Moved the try/except protecting against incorrect lookup params to where the error is now raised, and added a test for this case.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9245 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
		| @@ -99,14 +99,7 @@ class ChangeList(object): | |||||||
|     def get_results(self, request): |     def get_results(self, request): | ||||||
|         paginator = Paginator(self.query_set, self.list_per_page) |         paginator = Paginator(self.query_set, self.list_per_page) | ||||||
|         # Get the number of objects, with admin filters applied. |         # Get the number of objects, with admin filters applied. | ||||||
|         try: |  | ||||||
|         result_count = paginator.count |         result_count = paginator.count | ||||||
|         # Naked except! Because we don't have any other way of validating |  | ||||||
|         # "params". They might be invalid if the keyword arguments are |  | ||||||
|         # incorrect, or if the values are not in the correct type (which would |  | ||||||
|         # result in a database error). |  | ||||||
|         except: |  | ||||||
|             raise IncorrectLookupParameters |  | ||||||
|  |  | ||||||
|         # Get the total number of objects, with no admin filters applied. |         # Get the total number of objects, with no admin filters applied. | ||||||
|         # Perform a slight optimization: Check to see whether any filters were |         # Perform a slight optimization: Check to see whether any filters were | ||||||
| @@ -192,7 +185,15 @@ class ChangeList(object): | |||||||
|                 lookup_params[key] = value.split(',') |                 lookup_params[key] = value.split(',') | ||||||
|  |  | ||||||
|         # Apply lookup parameters from the query string. |         # Apply lookup parameters from the query string. | ||||||
|  |         try: | ||||||
|             qs = qs.filter(**lookup_params) |             qs = qs.filter(**lookup_params) | ||||||
|  |         # Naked except! Because we don't have any other way of validating "params". | ||||||
|  |         # They might be invalid if the keyword arguments are incorrect, or if the | ||||||
|  |         # values are not in the correct type, so we might get FieldError, ValueError, | ||||||
|  |         # ValicationError, or ? from a custom field that raises yet something else  | ||||||
|  |         # when handed impossible data. | ||||||
|  |         except: | ||||||
|  |             raise IncorrectLookupParameters | ||||||
|  |  | ||||||
|         # Use select_related() if one of the list_display options is a field |         # Use select_related() if one of the list_display options is a field | ||||||
|         # with a relationship. |         # with a relationship. | ||||||
|   | |||||||
| @@ -161,6 +161,13 @@ class AdminViewBasicTest(TestCase): | |||||||
|             "Changelist filter not correctly limited by limit_choices_to." |             "Changelist filter not correctly limited by limit_choices_to." | ||||||
|         ) |         ) | ||||||
|          |          | ||||||
|  |     def testIncorrectLookupParameters(self): | ||||||
|  |         """Ensure incorrect lookup parameters are handled gracefully.""" | ||||||
|  |         response = self.client.get('/test_admin/admin/admin_views/thing/', {'notarealfield': '5'}) | ||||||
|  |         self.assertRedirects(response, '/test_admin/admin/admin_views/thing/?e=1')         | ||||||
|  |         response = self.client.get('/test_admin/admin/admin_views/thing/', {'color__id__exact': 'StringNotInteger!'}) | ||||||
|  |         self.assertRedirects(response, '/test_admin/admin/admin_views/thing/?e=1') | ||||||
|  |              | ||||||
| def get_perm(Model, perm): | def get_perm(Model, perm): | ||||||
|     """Return the permission object, for the Model""" |     """Return the permission object, for the Model""" | ||||||
|     ct = ContentType.objects.get_for_model(Model) |     ct = ContentType.objects.get_for_model(Model) | ||||||
|   | |||||||
		Reference in New Issue
	
	Block a user