mirror of
				https://github.com/django/django.git
				synced 2025-10-25 06:36:07 +00:00 
			
		
		
		
	Fixed #30769 -- Fixed a crash when filtering against a subquery JSON/HStoreField annotation.
This was a regression introduced by 7deeabc7c7
to address CVE-2019-14234.
Thanks Tim Kleinschmidt for the report and Mariusz for the tests.
			
			
This commit is contained in:
		
				
					committed by
					
						 Mariusz Felisiak
						Mariusz Felisiak
					
				
			
			
				
	
			
			
			
						parent
						
							bd7e0f81f8
						
					
				
				
					commit
					6c3dfba892
				
			| @@ -6,7 +6,7 @@ from decimal import Decimal | ||||
| from django.core import checks, exceptions, serializers | ||||
| from django.core.serializers.json import DjangoJSONEncoder | ||||
| from django.db import connection | ||||
| from django.db.models import Count, F, Q | ||||
| from django.db.models import Count, F, OuterRef, Q, Subquery | ||||
| from django.db.models.expressions import RawSQL | ||||
| from django.db.models.functions import Cast | ||||
| from django.forms import CharField, Form, widgets | ||||
| @@ -303,6 +303,12 @@ class TestQuerying(PostgreSQLTestCase): | ||||
|             [self.objs[7], self.objs[8]] | ||||
|         ) | ||||
|  | ||||
|     def test_obj_subquery_lookup(self): | ||||
|         qs = JSONModel.objects.annotate( | ||||
|             value=Subquery(JSONModel.objects.filter(pk=OuterRef('pk')).values('field')), | ||||
|         ).filter(value__a='b') | ||||
|         self.assertSequenceEqual(qs, [self.objs[7], self.objs[8]]) | ||||
|  | ||||
|     def test_deep_lookup_objs(self): | ||||
|         self.assertSequenceEqual( | ||||
|             JSONModel.objects.filter(field__k__l='m'), | ||||
|   | ||||
		Reference in New Issue
	
	Block a user