Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Changed the comments post view code to avoid raising an exception if …

…handed invalid data for the object pk. Thanks to Leo for the test.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@12800 bcc190cf-cafb-0310-a4f2-bffc1f526a37
  • Loading branch information...
commit e434573ef12934d8e8f77e2e794d2968dd734ded 1 parent f482984
@kmtracey kmtracey authored
View
6 django/contrib/comments/views/comments.py
@@ -1,7 +1,7 @@
from django import http
from django.conf import settings
from utils import next_redirect, confirmation_view
-from django.core.exceptions import ObjectDoesNotExist
+from django.core.exceptions import ObjectDoesNotExist, ValidationError
from django.db import models
from django.shortcuts import render_to_response
from django.template import RequestContext
@@ -62,6 +62,10 @@ def post_comment(request, next=None, using=None):
return CommentPostBadRequest(
"No object matching content-type %r and object PK %r exists." % \
(escape(ctype), escape(object_pk)))
+ except (ValueError, ValidationError), e:
+ return CommentPostBadRequest(
+ "Attempting go get content-type %r and object PK %r exists raised %s" % \
+ (escape(ctype), escape(object_pk), e.__class__.__name__))
# Do we want to preview the comment?
preview = "preview" in data
View
7 tests/regressiontests/comment_tests/fixtures/comment_tests.json
@@ -1,5 +1,12 @@
[
{
+ "model" : "comment_tests.book",
+ "pk" : 1,
+ "fields" : {
+ "dewey_decimal" : "12.34"
+ }
+ },
+ {
"model" : "comment_tests.author",
"pk" : 1,
"fields" : {
View
4 tests/regressiontests/comment_tests/models.py
@@ -28,3 +28,7 @@ class Entry(models.Model):
def __str__(self):
return self.title
+
+class Book(models.Model):
+ dewey_decimal = models.DecimalField(primary_key = True, decimal_places=2, max_digits=5)
+
View
33 tests/regressiontests/comment_tests/tests/comment_view_tests.py
@@ -3,7 +3,7 @@
from django.contrib.auth.models import User
from django.contrib.comments import signals
from django.contrib.comments.models import Comment
-from regressiontests.comment_tests.models import Article
+from regressiontests.comment_tests.models import Article, Book
from regressiontests.comment_tests.tests import CommentTestCase
post_redirect_re = re.compile(r'^http://testserver/posted/\?c=(?P<pk>\d+$)')
@@ -45,6 +45,22 @@ def testPostCommentBadObjectPK(self):
response = self.client.post("/post/", data)
self.assertEqual(response.status_code, 400)
+ def testPostInvalidIntegerPK(self):
+ a = Article.objects.get(pk=1)
+ data = self.getValidData(a)
+ data["comment"] = "This is another comment"
+ data["object_pk"] = u'\ufffd'
+ response = self.client.post("/post/", data)
+ self.assertEqual(response.status_code, 400)
+
+ def testPostInvalidDecimalPK(self):
+ b = Book.objects.get(pk='12.34')
+ data = self.getValidData(b)
+ data["comment"] = "This is another comment"
+ data["object_pk"] = 'cookies'
+ response = self.client.post("/post/", data)
+ self.assertEqual(response.status_code, 400)
+
def testCommentPreview(self):
a = Article.objects.get(pk=1)
data = self.getValidData(a)
@@ -187,11 +203,11 @@ def testCommentNext(self):
location = response["Location"]
match = post_redirect_re.match(location)
self.failUnless(match != None, "Unexpected redirect location: %s" % location)
-
+
data["next"] = "/somewhere/else/"
data["comment"] = "This is another comment"
response = self.client.post("/post/", data)
- location = response["Location"]
+ location = response["Location"]
match = re.search(r"^http://testserver/somewhere/else/\?c=\d+$", location)
self.failUnless(match != None, "Unexpected redirect location: %s" % location)
@@ -199,7 +215,7 @@ def testCommentDoneView(self):
a = Article.objects.get(pk=1)
data = self.getValidData(a)
response = self.client.post("/post/", data)
- location = response["Location"]
+ location = response["Location"]
match = post_redirect_re.match(location)
self.failUnless(match != None, "Unexpected redirect location: %s" % location)
pk = int(match.group('pk'))
@@ -216,14 +232,14 @@ def testCommentNextWithQueryString(self):
data["next"] = "/somewhere/else/?foo=bar"
data["comment"] = "This is another comment"
response = self.client.post("/post/", data)
- location = response["Location"]
+ location = response["Location"]
match = re.search(r"^http://testserver/somewhere/else/\?foo=bar&c=\d+$", location)
self.failUnless(match != None, "Unexpected redirect location: %s" % location)
- def testCommentDoneReSubmitWithInvalidParams(self):
+ def testCommentPostRedirectWithInvalidIntegerPK(self):
"""
- Tests that attempting to retrieve the location specified in the
- post redirect, after adding some invalid data to the expected
+ Tests that attempting to retrieve the location specified in the
+ post redirect, after adding some invalid data to the expected
querystring it ends with, doesn't cause a server error.
"""
a = Article.objects.get(pk=1)
@@ -234,3 +250,4 @@ def testCommentDoneReSubmitWithInvalidParams(self):
broken_location = location + u"\ufffd"
response = self.client.get(broken_location)
self.assertEqual(response.status_code, 200)
+
Please sign in to comment.
Something went wrong with that request. Please try again.