Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Fixed #12779 - Sanitize numeric form field input according to decimal…

… and thousand separator settings.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@12625 bcc190cf-cafb-0310-a4f2-bffc1f526a37
  • Loading branch information...
commit 0d2a24fd4234d2c6551179b1ef4694229602ba90 1 parent 284e7e3
Jannis Leidel jezdez authored
21 django/forms/fields.py
View
@@ -17,9 +17,9 @@
from django.core.exceptions import ValidationError
from django.core import validators
import django.utils.copycompat as copy
+from django.utils import formats
from django.utils.translation import ugettext_lazy as _
from django.utils.encoding import smart_unicode, smart_str
-from django.utils.formats import get_format
from django.utils.functional import lazy
# Provide this import for backwards compatibility.
@@ -213,7 +213,7 @@ def to_python(self, value):
value = super(IntegerField, self).to_python(value)
if value in validators.EMPTY_VALUES:
return None
-
+ value = formats.sanitize_separators(value)
try:
value = int(str(value))
except (ValueError, TypeError):
@@ -233,11 +233,9 @@ def to_python(self, value):
value = super(IntegerField, self).to_python(value)
if value in validators.EMPTY_VALUES:
return None
-
+ value = formats.sanitize_separators(value)
try:
- # We always accept dot as decimal separator
- if isinstance(value, str) or isinstance(value, unicode):
- value = float(value.replace(get_format('DECIMAL_SEPARATOR'), '.'))
+ value = float(value)
except (ValueError, TypeError):
raise ValidationError(self.error_messages['invalid'])
return value
@@ -270,11 +268,10 @@ def to_python(self, value):
"""
if value in validators.EMPTY_VALUES:
return None
+ value = formats.sanitize_separators(value)
value = smart_str(value).strip()
try:
- # We always accept dot as decimal separator
- if isinstance(value, str) or isinstance(value, unicode):
- value = Decimal(value.replace(get_format('DECIMAL_SEPARATOR'), '.'))
+ value = Decimal(value)
except DecimalException:
raise ValidationError(self.error_messages['invalid'])
return value
@@ -329,7 +326,7 @@ def to_python(self, value):
return value.date()
if isinstance(value, datetime.date):
return value
- for format in self.input_formats or get_format('DATE_INPUT_FORMATS'):
+ for format in self.input_formats or formats.get_format('DATE_INPUT_FORMATS'):
try:
return datetime.date(*time.strptime(value, format)[:3])
except ValueError:
@@ -355,7 +352,7 @@ def to_python(self, value):
return None
if isinstance(value, datetime.time):
return value
- for format in self.input_formats or get_format('TIME_INPUT_FORMATS'):
+ for format in self.input_formats or formats.get_format('TIME_INPUT_FORMATS'):
try:
return datetime.time(*time.strptime(value, format)[3:6])
except ValueError:
@@ -389,7 +386,7 @@ def to_python(self, value):
if len(value) != 2:
raise ValidationError(self.error_messages['invalid'])
value = '%s %s' % tuple(value)
- for format in self.input_formats or get_format('DATETIME_INPUT_FORMATS'):
+ for format in self.input_formats or formats.get_format('DATETIME_INPUT_FORMATS'):
try:
return datetime.datetime(*time.strptime(value, format)[:6])
except ValueError:
19 django/utils/formats.py
View
@@ -109,3 +109,22 @@ def localize_input(value, default=None):
format = smart_str(default or get_format('TIME_INPUT_FORMATS')[0])
return value.strftime(format)
return value
+
+def sanitize_separators(value):
+ """
+ Sanitizes a value according to the current decimal and
+ thousand separator setting. Used with form field input.
+ """
+ if settings.USE_L10N:
+ decimal_separator = get_format('DECIMAL_SEPARATOR')
+ if isinstance(value, basestring):
+ parts = []
+ if decimal_separator in value:
+ value, decimals = value.split(decimal_separator, 1)
+ parts.append(decimals)
+ if settings.USE_THOUSAND_SEPARATOR:
+ parts.append(value.replace(get_format('THOUSAND_SEPARATOR'), ''))
+ else:
+ parts.append(value)
+ value = '.'.join(reversed(parts))
+ return value
1  tests/regressiontests/i18n/forms.py
View
@@ -8,6 +8,7 @@ class I18nForm(forms.Form):
date_field = forms.DateField()
datetime_field = forms.DateTimeField()
time_field = forms.TimeField()
+ integer_field = forms.IntegerField()
class SelectDateForm(forms.Form):
date_field = forms.DateField(widget=SelectDateWidget)
1  tests/regressiontests/i18n/models.py
View
@@ -9,6 +9,7 @@ class Company(models.Model):
name = models.CharField(max_length=50)
date_added = models.DateTimeField(default=datetime(1799,1,31,23,59,59,0))
cents_payed = models.DecimalField(max_digits=4, decimal_places=2)
+ products_delivered = models.IntegerField()
__test__ = {'API_TESTS': '''
>>> tm = TestModel()
66 tests/regressiontests/i18n/tests.py
View
@@ -103,9 +103,9 @@ def test_to_language(self):
class FormattingTests(TestCase):
def setUp(self):
- self._use_i18n = settings.USE_I18N
- self._use_l10n = settings.USE_L10N
- self._use_thousand_separator = settings.USE_THOUSAND_SEPARATOR
+ self.use_i18n = settings.USE_I18N
+ self.use_l10n = settings.USE_L10N
+ self.use_thousand_separator = settings.USE_THOUSAND_SEPARATOR
self.n = decimal.Decimal('66666.666')
self.f = 99999.999
self.d = datetime.date(2009, 12, 31)
@@ -121,9 +121,9 @@ def setUp(self):
def tearDown(self):
# Restore defaults
- settings.USE_I18N = self._use_i18n
- settings.USE_L10N = self._use_l10n
- settings.USE_THOUSAND_SEPARATOR = self._use_thousand_separator
+ settings.USE_I18N = self.use_i18n
+ settings.USE_L10N = self.use_l10n
+ settings.USE_THOUSAND_SEPARATOR = self.use_thousand_separator
def test_locale_independent(self):
"""
@@ -179,13 +179,15 @@ def test_l10n_disabled(self):
'float_field': u'99999,999',
'date_field': u'31/12/2009',
'datetime_field': u'31/12/2009 20:50',
- 'time_field': u'20:50'
+ 'time_field': u'20:50',
+ 'integer_field': u'1.234',
})
self.assertEqual(False, form.is_valid())
self.assertEqual([u'Introdu\xefu un n\xfamero.'], form.errors['float_field'])
self.assertEqual([u'Introdu\xefu un n\xfamero.'], form.errors['decimal_field'])
self.assertEqual([u'Introdu\xefu una data v\xe0lida.'], form.errors['date_field'])
self.assertEqual([u'Introdu\xefu una data/hora v\xe0lides.'], form.errors['datetime_field'])
+ self.assertEqual([u'Introdu\xefu un n\xfamero sencer.'], form.errors['integer_field'])
form2 = SelectDateForm({
'date_field_month': u'12',
@@ -231,6 +233,22 @@ def test_l10n_enabled(self):
self.assertEqual(u'66.666,666', Template('{{ n }}').render(self.ctxt))
self.assertEqual(u'99.999,999', Template('{{ f }}').render(self.ctxt))
+ form3 = I18nForm({
+ 'decimal_field': u'66.666,666',
+ 'float_field': u'99.999,999',
+ 'date_field': u'31/12/2009',
+ 'datetime_field': u'31/12/2009 20:50',
+ 'time_field': u'20:50',
+ 'integer_field': u'1.234',
+ })
+ self.assertEqual(True, form3.is_valid())
+ self.assertEqual(decimal.Decimal('66666.666'), form3.cleaned_data['decimal_field'])
+ self.assertEqual(99999.999, form3.cleaned_data['float_field'])
+ self.assertEqual(datetime.date(2009, 12, 31), form3.cleaned_data['date_field'])
+ self.assertEqual(datetime.datetime(2009, 12, 31, 20, 50), form3.cleaned_data['datetime_field'])
+ self.assertEqual(datetime.time(20, 50), form3.cleaned_data['time_field'])
+ self.assertEqual(1234, form3.cleaned_data['integer_field'])
+
settings.USE_THOUSAND_SEPARATOR = False
self.assertEqual(u'66666,666', Template('{{ n }}').render(self.ctxt))
self.assertEqual(u'99999,999', Template('{{ f }}').render(self.ctxt))
@@ -242,27 +260,29 @@ def test_l10n_enabled(self):
self.assertEqual(u'31/12/2009', Template('{{ d|date:"SHORT_DATE_FORMAT" }}').render(self.ctxt))
self.assertEqual(u'31/12/2009 20:50', Template('{{ dt|date:"SHORT_DATETIME_FORMAT" }}').render(self.ctxt))
- form3 = I18nForm({
+ form4 = I18nForm({
'decimal_field': u'66666,666',
'float_field': u'99999,999',
'date_field': u'31/12/2009',
'datetime_field': u'31/12/2009 20:50',
- 'time_field': u'20:50'
+ 'time_field': u'20:50',
+ 'integer_field': u'1234',
})
- self.assertEqual(True, form3.is_valid())
- self.assertEqual(decimal.Decimal('66666.666'), form3.cleaned_data['decimal_field'])
- self.assertEqual(99999.999, form3.cleaned_data['float_field'])
- self.assertEqual(datetime.date(2009, 12, 31), form3.cleaned_data['date_field'])
- self.assertEqual(datetime.datetime(2009, 12, 31, 20, 50), form3.cleaned_data['datetime_field'])
- self.assertEqual(datetime.time(20, 50), form3.cleaned_data['time_field'])
+ self.assertEqual(True, form4.is_valid())
+ self.assertEqual(decimal.Decimal('66666.666'), form4.cleaned_data['decimal_field'])
+ self.assertEqual(99999.999, form4.cleaned_data['float_field'])
+ self.assertEqual(datetime.date(2009, 12, 31), form4.cleaned_data['date_field'])
+ self.assertEqual(datetime.datetime(2009, 12, 31, 20, 50), form4.cleaned_data['datetime_field'])
+ self.assertEqual(datetime.time(20, 50), form4.cleaned_data['time_field'])
+ self.assertEqual(1234, form4.cleaned_data['integer_field'])
- form4 = SelectDateForm({
+ form5 = SelectDateForm({
'date_field_month': u'12',
'date_field_day': u'31',
'date_field_year': u'2009'
})
- self.assertEqual(True, form4.is_valid())
- self.assertEqual(datetime.date(2009, 12, 31), form4.cleaned_data['date_field'])
+ self.assertEqual(True, form5.is_valid())
+ self.assertEqual(datetime.date(2009, 12, 31), form5.cleaned_data['date_field'])
self.assertEqual(
u'<select name="mydate_day" id="id_mydate_day">\n<option value="1">1</option>\n<option value="2">2</option>\n<option value="3">3</option>\n<option value="4">4</option>\n<option value="5">5</option>\n<option value="6">6</option>\n<option value="7">7</option>\n<option value="8">8</option>\n<option value="9">9</option>\n<option value="10">10</option>\n<option value="11">11</option>\n<option value="12">12</option>\n<option value="13">13</option>\n<option value="14">14</option>\n<option value="15">15</option>\n<option value="16">16</option>\n<option value="17">17</option>\n<option value="18">18</option>\n<option value="19">19</option>\n<option value="20">20</option>\n<option value="21">21</option>\n<option value="22">22</option>\n<option value="23">23</option>\n<option value="24">24</option>\n<option value="25">25</option>\n<option value="26">26</option>\n<option value="27">27</option>\n<option value="28">28</option>\n<option value="29">29</option>\n<option value="30">30</option>\n<option value="31" selected="selected">31</option>\n</select>\n<select name="mydate_month" id="id_mydate_month">\n<option value="1">gener</option>\n<option value="2">febrer</option>\n<option value="3">mar\xe7</option>\n<option value="4">abril</option>\n<option value="5">maig</option>\n<option value="6">juny</option>\n<option value="7">juliol</option>\n<option value="8">agost</option>\n<option value="9">setembre</option>\n<option value="10">octubre</option>\n<option value="11">novembre</option>\n<option value="12" selected="selected">desembre</option>\n</select>\n<select name="mydate_year" id="id_mydate_year">\n<option value="2009" selected="selected">2009</option>\n<option value="2010">2010</option>\n<option value="2011">2011</option>\n<option value="2012">2012</option>\n<option value="2013">2013</option>\n<option value="2014">2014</option>\n<option value="2015">2015</option>\n<option value="2016">2016</option>\n<option value="2017">2017</option>\n<option value="2018">2018</option>\n</select>',
SelectDateWidget(years=range(2009, 2019)).render('mydate', datetime.date(2009, 12, 31))
@@ -312,7 +332,8 @@ def test_l10n_enabled(self):
'float_field': u'99999.999',
'date_field': u'12/31/2009',
'datetime_field': u'12/31/2009 20:50',
- 'time_field': u'20:50'
+ 'time_field': u'20:50',
+ 'integer_field': u'1234',
})
self.assertEqual(True, form5.is_valid())
self.assertEqual(decimal.Decimal('66666.666'), form5.cleaned_data['decimal_field'])
@@ -320,6 +341,7 @@ def test_l10n_enabled(self):
self.assertEqual(datetime.date(2009, 12, 31), form5.cleaned_data['date_field'])
self.assertEqual(datetime.datetime(2009, 12, 31, 20, 50), form5.cleaned_data['datetime_field'])
self.assertEqual(datetime.time(20, 50), form5.cleaned_data['time_field'])
+ self.assertEqual(1234, form5.cleaned_data['integer_field'])
form6 = SelectDateForm({
'date_field_month': u'12',
@@ -364,15 +386,17 @@ def test_localized_input(self):
'name': u'acme',
'date_added': datetime.datetime(2009, 12, 31, 6, 0, 0),
'cents_payed': decimal.Decimal('59.47'),
+ 'products_delivered': 12000,
})
- form6.save()
self.assertEqual(True, form6.is_valid())
self.assertEqual(
form6.as_ul(),
- u'<li><label for="id_name">Name:</label> <input id="id_name" type="text" name="name" value="acme" maxlength="50" /></li>\n<li><label for="id_date_added">Date added:</label> <input type="text" name="date_added" value="31.12.2009 06:00:00" id="id_date_added" /></li>\n<li><label for="id_cents_payed">Cents payed:</label> <input type="text" name="cents_payed" value="59,47" id="id_cents_payed" /></li>'
+ u'<li><label for="id_name">Name:</label> <input id="id_name" type="text" name="name" value="acme" maxlength="50" /></li>\n<li><label for="id_date_added">Date added:</label> <input type="text" name="date_added" value="31.12.2009 06:00:00" id="id_date_added" /></li>\n<li><label for="id_cents_payed">Cents payed:</label> <input type="text" name="cents_payed" value="59,47" id="id_cents_payed" /></li>\n<li><label for="id_products_delivered">Products delivered:</label> <input type="text" name="products_delivered" value="12000" id="id_products_delivered" /></li>'
)
self.assertEqual(localize_input(datetime.datetime(2009, 12, 31, 6, 0, 0)), '31.12.2009 06:00:00')
self.assertEqual(datetime.datetime(2009, 12, 31, 6, 0, 0), form6.cleaned_data['date_added'])
+ settings.USE_THOUSAND_SEPARATOR = True
+ self.assert_(u'12.000' in form6.as_ul())
finally:
deactivate()
Please sign in to comment.
Something went wrong with that request. Please try again.