Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

No longer allow '+' as related_name in PlaceholderField #1448

Merged
merged 2 commits into from Sep 27, 2012

Conversation

Projects
None yet
4 participants
Collaborator

ojii commented Sep 26, 2012

Setting the related_name in a models.fields.PlaceholderField to '+'
causes the permission checks on models.Placeholder to fail because
models.Placeholder._get_attached_fields which is used by the permission
system will not find the attached model.

This patch prevents this by simply raising a ValueError if a developer
attempts to create a models.fields.PlaceholderField with '+' as
related_name. This is documented in extending_cms/placeholders.rst and
tested in PlaceholderTestCase.test_placeholder_field_no_related_name.

No longer allow '+' as related_name in PlaceholderField
Setting the related_name in a models.fields.PlaceholderField to '+'
causes the permission checks on models.Placeholder to fail because
models.Placeholder._get_attached_fields which is used by the permission
system will not find the attached model.

This patch prevents this by simply raising a ValueError if a developer
attempts to create a models.fields.PlaceholderField with '+' as
related_name. This is documented in extending_cms/placeholders.rst and
tested in PlaceholderTestCase.test_placeholder_field_no_related_name.

@kezabelle kezabelle commented on an outdated diff Sep 26, 2012

docs/extending_cms/placeholders.rst
@@ -34,6 +34,11 @@ The :class:`~cms.models.fields.PlaceholderField` takes a string as its first
argument which will be used to configure which plugins can be used in this
placeholder. The configuration is the same as for placeholders in the CMS.
+.. warning::
+
+ For security reasons the related name fo a :class:`~cms.models.fields.PlaceholderField` may not be surpressed using
@kezabelle

kezabelle Sep 26, 2012

Contributor

fo should be for

@kezabelle

kezabelle Sep 26, 2012

Contributor

Also maybe change related name to related_name, then there's no ambiguity.

Improved docs for the related_name change in PlaceholderField
Fixed typos and reduced line length to <80
Contributor

kezabelle commented Sep 26, 2012

LGTM.

digi604 added a commit that referenced this pull request Sep 27, 2012

Merge pull request #1448 from ojii/placeholder-no-related-name
No longer allow '+' as related_name in PlaceholderField

@digi604 digi604 merged commit 9f322fa into divio:develop Sep 27, 2012

1 check passed

default The Travis build passed
Details

Coverage Status

Changes Unknown when pulling 94db285 on ojii:placeholder-no-related-name into * on divio:develop*.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment