Skip to content
This repository

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse code

Fixed #12779 - Sanitize numeric form field input according to decimal…

… and thousand separator settings.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@12625 bcc190cf-cafb-0310-a4f2-bffc1f526a37
  • Loading branch information...
commit 0d2a24fd4234d2c6551179b1ef4694229602ba90 1 parent 284e7e3
Jannis Leidel authored March 01, 2010
21  django/forms/fields.py
@@ -17,9 +17,9 @@
17 17
 from django.core.exceptions import ValidationError
18 18
 from django.core import validators
19 19
 import django.utils.copycompat as copy
  20
+from django.utils import formats
20 21
 from django.utils.translation import ugettext_lazy as _
21 22
 from django.utils.encoding import smart_unicode, smart_str
22  
-from django.utils.formats import get_format
23 23
 from django.utils.functional import lazy
24 24
 
25 25
 # Provide this import for backwards compatibility.
@@ -213,7 +213,7 @@ def to_python(self, value):
213 213
         value = super(IntegerField, self).to_python(value)
214 214
         if value in validators.EMPTY_VALUES:
215 215
             return None
216  
-
  216
+        value = formats.sanitize_separators(value)
217 217
         try:
218 218
             value = int(str(value))
219 219
         except (ValueError, TypeError):
@@ -233,11 +233,9 @@ def to_python(self, value):
233 233
         value = super(IntegerField, self).to_python(value)
234 234
         if value in validators.EMPTY_VALUES:
235 235
             return None
236  
-
  236
+        value = formats.sanitize_separators(value)
237 237
         try:
238  
-            # We always accept dot as decimal separator
239  
-            if isinstance(value, str) or isinstance(value, unicode):
240  
-                value = float(value.replace(get_format('DECIMAL_SEPARATOR'), '.'))
  238
+            value = float(value)
241 239
         except (ValueError, TypeError):
242 240
             raise ValidationError(self.error_messages['invalid'])
243 241
         return value
@@ -270,11 +268,10 @@ def to_python(self, value):
270 268
         """
271 269
         if value in validators.EMPTY_VALUES:
272 270
             return None
  271
+        value = formats.sanitize_separators(value)
273 272
         value = smart_str(value).strip()
274 273
         try:
275  
-            # We always accept dot as decimal separator
276  
-            if isinstance(value, str) or isinstance(value, unicode):
277  
-                value = Decimal(value.replace(get_format('DECIMAL_SEPARATOR'), '.'))
  274
+            value = Decimal(value)
278 275
         except DecimalException:
279 276
             raise ValidationError(self.error_messages['invalid'])
280 277
         return value
@@ -329,7 +326,7 @@ def to_python(self, value):
329 326
             return value.date()
330 327
         if isinstance(value, datetime.date):
331 328
             return value
332  
-        for format in self.input_formats or get_format('DATE_INPUT_FORMATS'):
  329
+        for format in self.input_formats or formats.get_format('DATE_INPUT_FORMATS'):
333 330
             try:
334 331
                 return datetime.date(*time.strptime(value, format)[:3])
335 332
             except ValueError:
@@ -355,7 +352,7 @@ def to_python(self, value):
355 352
             return None
356 353
         if isinstance(value, datetime.time):
357 354
             return value
358  
-        for format in self.input_formats or get_format('TIME_INPUT_FORMATS'):
  355
+        for format in self.input_formats or formats.get_format('TIME_INPUT_FORMATS'):
359 356
             try:
360 357
                 return datetime.time(*time.strptime(value, format)[3:6])
361 358
             except ValueError:
@@ -389,7 +386,7 @@ def to_python(self, value):
389 386
             if len(value) != 2:
390 387
                 raise ValidationError(self.error_messages['invalid'])
391 388
             value = '%s %s' % tuple(value)
392  
-        for format in self.input_formats or get_format('DATETIME_INPUT_FORMATS'):
  389
+        for format in self.input_formats or formats.get_format('DATETIME_INPUT_FORMATS'):
393 390
             try:
394 391
                 return datetime.datetime(*time.strptime(value, format)[:6])
395 392
             except ValueError:
19  django/utils/formats.py
@@ -109,3 +109,22 @@ def localize_input(value, default=None):
109 109
         format = smart_str(default or get_format('TIME_INPUT_FORMATS')[0])
110 110
         return value.strftime(format)
111 111
     return value
  112
+
  113
+def sanitize_separators(value):
  114
+    """
  115
+    Sanitizes a value according to the current decimal and
  116
+    thousand separator setting. Used with form field input.
  117
+    """
  118
+    if settings.USE_L10N:
  119
+        decimal_separator = get_format('DECIMAL_SEPARATOR')
  120
+        if isinstance(value, basestring):
  121
+            parts = []
  122
+            if decimal_separator in value:
  123
+                value, decimals = value.split(decimal_separator, 1)
  124
+                parts.append(decimals)
  125
+            if settings.USE_THOUSAND_SEPARATOR:
  126
+                parts.append(value.replace(get_format('THOUSAND_SEPARATOR'), ''))
  127
+            else:
  128
+                parts.append(value)
  129
+            value = '.'.join(reversed(parts))
  130
+    return value
1  tests/regressiontests/i18n/forms.py
@@ -8,6 +8,7 @@ class I18nForm(forms.Form):
8 8
     date_field = forms.DateField()
9 9
     datetime_field = forms.DateTimeField()
10 10
     time_field = forms.TimeField()
  11
+    integer_field = forms.IntegerField()
11 12
 
12 13
 class SelectDateForm(forms.Form):
13 14
     date_field = forms.DateField(widget=SelectDateWidget)
1  tests/regressiontests/i18n/models.py
@@ -9,6 +9,7 @@ class Company(models.Model):
9 9
     name = models.CharField(max_length=50)
10 10
     date_added = models.DateTimeField(default=datetime(1799,1,31,23,59,59,0))
11 11
     cents_payed = models.DecimalField(max_digits=4, decimal_places=2)
  12
+    products_delivered = models.IntegerField()
12 13
 
13 14
 __test__ = {'API_TESTS': '''
14 15
 >>> tm = TestModel()
66  tests/regressiontests/i18n/tests.py
@@ -103,9 +103,9 @@ def test_to_language(self):
103 103
 class FormattingTests(TestCase):
104 104
 
105 105
     def setUp(self):
106  
-        self._use_i18n = settings.USE_I18N
107  
-        self._use_l10n = settings.USE_L10N
108  
-        self._use_thousand_separator = settings.USE_THOUSAND_SEPARATOR
  106
+        self.use_i18n = settings.USE_I18N
  107
+        self.use_l10n = settings.USE_L10N
  108
+        self.use_thousand_separator = settings.USE_THOUSAND_SEPARATOR
109 109
         self.n = decimal.Decimal('66666.666')
110 110
         self.f = 99999.999
111 111
         self.d = datetime.date(2009, 12, 31)
@@ -121,9 +121,9 @@ def setUp(self):
121 121
 
122 122
     def tearDown(self):
123 123
         # Restore defaults
124  
-        settings.USE_I18N = self._use_i18n
125  
-        settings.USE_L10N = self._use_l10n
126  
-        settings.USE_THOUSAND_SEPARATOR = self._use_thousand_separator
  124
+        settings.USE_I18N = self.use_i18n
  125
+        settings.USE_L10N = self.use_l10n
  126
+        settings.USE_THOUSAND_SEPARATOR = self.use_thousand_separator
127 127
 
128 128
     def test_locale_independent(self):
129 129
         """
@@ -179,13 +179,15 @@ def test_l10n_disabled(self):
179 179
                 'float_field': u'99999,999',
180 180
                 'date_field': u'31/12/2009',
181 181
                 'datetime_field': u'31/12/2009 20:50',
182  
-                'time_field': u'20:50'
  182
+                'time_field': u'20:50',
  183
+                'integer_field': u'1.234',
183 184
             })
184 185
             self.assertEqual(False, form.is_valid())
185 186
             self.assertEqual([u'Introdu\xefu un n\xfamero.'], form.errors['float_field'])
186 187
             self.assertEqual([u'Introdu\xefu un n\xfamero.'], form.errors['decimal_field'])
187 188
             self.assertEqual([u'Introdu\xefu una data v\xe0lida.'], form.errors['date_field'])
188 189
             self.assertEqual([u'Introdu\xefu una data/hora v\xe0lides.'], form.errors['datetime_field'])
  190
+            self.assertEqual([u'Introdu\xefu un n\xfamero sencer.'], form.errors['integer_field'])
189 191
 
190 192
             form2 = SelectDateForm({
191 193
                 'date_field_month': u'12',
@@ -231,6 +233,22 @@ def test_l10n_enabled(self):
231 233
             self.assertEqual(u'66.666,666', Template('{{ n }}').render(self.ctxt))
232 234
             self.assertEqual(u'99.999,999', Template('{{ f }}').render(self.ctxt))
233 235
 
  236
+            form3 = I18nForm({
  237
+                'decimal_field': u'66.666,666',
  238
+                'float_field': u'99.999,999',
  239
+                'date_field': u'31/12/2009',
  240
+                'datetime_field': u'31/12/2009 20:50',
  241
+                'time_field': u'20:50',
  242
+                'integer_field': u'1.234',
  243
+            })
  244
+            self.assertEqual(True, form3.is_valid())
  245
+            self.assertEqual(decimal.Decimal('66666.666'), form3.cleaned_data['decimal_field'])
  246
+            self.assertEqual(99999.999, form3.cleaned_data['float_field'])
  247
+            self.assertEqual(datetime.date(2009, 12, 31), form3.cleaned_data['date_field'])
  248
+            self.assertEqual(datetime.datetime(2009, 12, 31, 20, 50), form3.cleaned_data['datetime_field'])
  249
+            self.assertEqual(datetime.time(20, 50), form3.cleaned_data['time_field'])
  250
+            self.assertEqual(1234, form3.cleaned_data['integer_field'])
  251
+
234 252
             settings.USE_THOUSAND_SEPARATOR = False
235 253
             self.assertEqual(u'66666,666', Template('{{ n }}').render(self.ctxt))
236 254
             self.assertEqual(u'99999,999', Template('{{ f }}').render(self.ctxt))
@@ -242,27 +260,29 @@ def test_l10n_enabled(self):
242 260
             self.assertEqual(u'31/12/2009', Template('{{ d|date:"SHORT_DATE_FORMAT" }}').render(self.ctxt))
243 261
             self.assertEqual(u'31/12/2009 20:50', Template('{{ dt|date:"SHORT_DATETIME_FORMAT" }}').render(self.ctxt))
244 262
 
245  
-            form3 = I18nForm({
  263
+            form4 = I18nForm({
246 264
                 'decimal_field': u'66666,666',
247 265
                 'float_field': u'99999,999',
248 266
                 'date_field': u'31/12/2009',
249 267
                 'datetime_field': u'31/12/2009 20:50',
250  
-                'time_field': u'20:50'
  268
+                'time_field': u'20:50',
  269
+                'integer_field': u'1234',
251 270
             })
252  
-            self.assertEqual(True, form3.is_valid())
253  
-            self.assertEqual(decimal.Decimal('66666.666'), form3.cleaned_data['decimal_field'])
254  
-            self.assertEqual(99999.999, form3.cleaned_data['float_field'])
255  
-            self.assertEqual(datetime.date(2009, 12, 31), form3.cleaned_data['date_field'])
256  
-            self.assertEqual(datetime.datetime(2009, 12, 31, 20, 50), form3.cleaned_data['datetime_field'])
257  
-            self.assertEqual(datetime.time(20, 50), form3.cleaned_data['time_field'])
  271
+            self.assertEqual(True, form4.is_valid())
  272
+            self.assertEqual(decimal.Decimal('66666.666'), form4.cleaned_data['decimal_field'])
  273
+            self.assertEqual(99999.999, form4.cleaned_data['float_field'])
  274
+            self.assertEqual(datetime.date(2009, 12, 31), form4.cleaned_data['date_field'])
  275
+            self.assertEqual(datetime.datetime(2009, 12, 31, 20, 50), form4.cleaned_data['datetime_field'])
  276
+            self.assertEqual(datetime.time(20, 50), form4.cleaned_data['time_field'])
  277
+            self.assertEqual(1234, form4.cleaned_data['integer_field'])
258 278
 
259  
-            form4 = SelectDateForm({
  279
+            form5 = SelectDateForm({
260 280
                 'date_field_month': u'12',
261 281
                 'date_field_day': u'31',
262 282
                 'date_field_year': u'2009'
263 283
             })
264  
-            self.assertEqual(True, form4.is_valid())
265  
-            self.assertEqual(datetime.date(2009, 12, 31), form4.cleaned_data['date_field'])
  284
+            self.assertEqual(True, form5.is_valid())
  285
+            self.assertEqual(datetime.date(2009, 12, 31), form5.cleaned_data['date_field'])
266 286
             self.assertEqual(
267 287
                 u'<select name="mydate_day" id="id_mydate_day">\n<option value="1">1</option>\n<option value="2">2</option>\n<option value="3">3</option>\n<option value="4">4</option>\n<option value="5">5</option>\n<option value="6">6</option>\n<option value="7">7</option>\n<option value="8">8</option>\n<option value="9">9</option>\n<option value="10">10</option>\n<option value="11">11</option>\n<option value="12">12</option>\n<option value="13">13</option>\n<option value="14">14</option>\n<option value="15">15</option>\n<option value="16">16</option>\n<option value="17">17</option>\n<option value="18">18</option>\n<option value="19">19</option>\n<option value="20">20</option>\n<option value="21">21</option>\n<option value="22">22</option>\n<option value="23">23</option>\n<option value="24">24</option>\n<option value="25">25</option>\n<option value="26">26</option>\n<option value="27">27</option>\n<option value="28">28</option>\n<option value="29">29</option>\n<option value="30">30</option>\n<option value="31" selected="selected">31</option>\n</select>\n<select name="mydate_month" id="id_mydate_month">\n<option value="1">gener</option>\n<option value="2">febrer</option>\n<option value="3">mar\xe7</option>\n<option value="4">abril</option>\n<option value="5">maig</option>\n<option value="6">juny</option>\n<option value="7">juliol</option>\n<option value="8">agost</option>\n<option value="9">setembre</option>\n<option value="10">octubre</option>\n<option value="11">novembre</option>\n<option value="12" selected="selected">desembre</option>\n</select>\n<select name="mydate_year" id="id_mydate_year">\n<option value="2009" selected="selected">2009</option>\n<option value="2010">2010</option>\n<option value="2011">2011</option>\n<option value="2012">2012</option>\n<option value="2013">2013</option>\n<option value="2014">2014</option>\n<option value="2015">2015</option>\n<option value="2016">2016</option>\n<option value="2017">2017</option>\n<option value="2018">2018</option>\n</select>',
268 288
                 SelectDateWidget(years=range(2009, 2019)).render('mydate', datetime.date(2009, 12, 31))
@@ -312,7 +332,8 @@ def test_l10n_enabled(self):
312 332
                 'float_field': u'99999.999',
313 333
                 'date_field': u'12/31/2009',
314 334
                 'datetime_field': u'12/31/2009 20:50',
315  
-                'time_field': u'20:50'
  335
+                'time_field': u'20:50',
  336
+                'integer_field': u'1234',
316 337
             })
317 338
             self.assertEqual(True, form5.is_valid())
318 339
             self.assertEqual(decimal.Decimal('66666.666'), form5.cleaned_data['decimal_field'])
@@ -320,6 +341,7 @@ def test_l10n_enabled(self):
320 341
             self.assertEqual(datetime.date(2009, 12, 31), form5.cleaned_data['date_field'])
321 342
             self.assertEqual(datetime.datetime(2009, 12, 31, 20, 50), form5.cleaned_data['datetime_field'])
322 343
             self.assertEqual(datetime.time(20, 50), form5.cleaned_data['time_field'])
  344
+            self.assertEqual(1234, form5.cleaned_data['integer_field'])
323 345
 
324 346
             form6 = SelectDateForm({
325 347
                 'date_field_month': u'12',
@@ -364,15 +386,17 @@ def test_localized_input(self):
364 386
                 'name': u'acme',
365 387
                 'date_added': datetime.datetime(2009, 12, 31, 6, 0, 0),
366 388
                 'cents_payed': decimal.Decimal('59.47'),
  389
+                'products_delivered': 12000,
367 390
             })
368  
-            form6.save()
369 391
             self.assertEqual(True, form6.is_valid())
370 392
             self.assertEqual(
371 393
                 form6.as_ul(),
372  
-                u'<li><label for="id_name">Name:</label> <input id="id_name" type="text" name="name" value="acme" maxlength="50" /></li>\n<li><label for="id_date_added">Date added:</label> <input type="text" name="date_added" value="31.12.2009 06:00:00" id="id_date_added" /></li>\n<li><label for="id_cents_payed">Cents payed:</label> <input type="text" name="cents_payed" value="59,47" id="id_cents_payed" /></li>'
  394
+                u'<li><label for="id_name">Name:</label> <input id="id_name" type="text" name="name" value="acme" maxlength="50" /></li>\n<li><label for="id_date_added">Date added:</label> <input type="text" name="date_added" value="31.12.2009 06:00:00" id="id_date_added" /></li>\n<li><label for="id_cents_payed">Cents payed:</label> <input type="text" name="cents_payed" value="59,47" id="id_cents_payed" /></li>\n<li><label for="id_products_delivered">Products delivered:</label> <input type="text" name="products_delivered" value="12000" id="id_products_delivered" /></li>'
373 395
             )
374 396
             self.assertEqual(localize_input(datetime.datetime(2009, 12, 31, 6, 0, 0)), '31.12.2009 06:00:00')
375 397
             self.assertEqual(datetime.datetime(2009, 12, 31, 6, 0, 0), form6.cleaned_data['date_added'])
  398
+            settings.USE_THOUSAND_SEPARATOR = True
  399
+            self.assert_(u'12.000' in form6.as_ul())
376 400
         finally:
377 401
             deactivate()
378 402
 

0 notes on commit 0d2a24f

Please sign in to comment.
Something went wrong with that request. Please try again.