Why the exception VersionError is raised for invalid value in hidden field "version" in forms? #238

Closed
tomas-zemres opened this issue Apr 12, 2022 · 1 comment


@tomas-zemres

When we run security scans on the form that uses "django-concurrency form"
then the logs are polluted with messages like:
ERROR (django.security.VersionError) -5 OR 425=(SELECT 709 FROM PG_SLEEP(15))
ERROR (django.security.VersionError) ... or other non-numeric values ...

Why is "super().to_python(...)" not called in VersionField.to_python, so that integer validation is applied there?
The exception VersionError is raised instead for all non-numeric values there:

raise VersionError(value)

Why is ValidationError not raised there (as for other invalid fields)?

@domdinicola
Collaborator

@tomas-zemres what do you think about the related PR?

@saxix saxix closed this as completed Jan 27, 2024
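
One way to keep scanner payloads like the one quoted in the issue from flooding ERROR-level handlers, as an added example (not part of the thread and not django-concurrency's code): a standard-library logging filter for the `django.security.VersionError` logger named in the log lines above. The class names, the length limit and the choice to demote records to WARNING are assumptions made for this example.

```python
import logging

LOGGER_NAME = "django.security.VersionError"  # logger name from the log lines in the issue
MAX_VALUE_LEN = 64  # assumption: how much of a rejected value is worth keeping


class VersionErrorFilter(logging.Filter):
    """Escape, truncate and demote records carrying a rejected version value."""

    def __init__(self):
        super().__init__()
        self.rewritten = 0

    def filter(self, record):
        value = record.getMessage()  # attacker-controlled text of the exception
        # unicode_escape turns CR/LF and other control characters into visible
        # escapes, so a submitted value cannot start a forged log line.
        excerpt = value[:MAX_VALUE_LEN].encode("unicode_escape").decode("ascii")
        record.msg = "rejected form version value (%d chars): %s"
        record.args = (len(value), excerpt)
        # Demote so handlers that only accept ERROR (alerting, e-mail) skip it.
        record.levelno, record.levelname = logging.WARNING, "WARNING"
        self.rewritten += 1
        return True


class ListHandler(logging.Handler):
    """Collects formatted lines in memory so the demo needs no files."""

    def __init__(self, level=logging.NOTSET):
        super().__init__(level)
        self.lines = []

    def emit(self, record):
        self.lines.append(f"{record.levelname} ({record.name}) {record.getMessage()}")


def demo():
    logger = logging.getLogger(LOGGER_NAME)
    logger.propagate = False
    flt, all_records, errors_only = VersionErrorFilter(), ListHandler(), ListHandler(logging.ERROR)
    logger.addFilter(flt)
    logger.addHandler(all_records)
    logger.addHandler(errors_only)
    # Samples: the payload quoted in the issue, and a constructed one with a newline.
    logger.error("-5 OR 425=(SELECT 709 FROM PG_SLEEP(15))")
    logger.error("7\nERROR (django.security.VersionError) forged line")
    return flt.rewritten, all_records.lines, errors_only.lines


if __name__ == "__main__":
    print(demo())
```

In a Django project the filter would be declared under `LOGGING["filters"]` and attached to the `django.security.VersionError` logger entry. The rejected values stay visible at WARNING level for anyone reviewing tampering attempts.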