authorTim Graham <timograham@gmail.com>2014-12-11 08:31:03 -0500
committerTim Graham <timograham@gmail.com>2015-01-13 13:02:56 -0500
commitbcfb47780ce7caecb409a9e9c1c314266e41d392 (patch)
tree9ad5d945cdfe229070436d0e30c6078f8f454f7b /tests/model_forms/tests.py
parent818e59a3f0fbadf6c447754d202d88df025f8f2a (diff)
[1.7.x] Fixed DoS possibility in ModelMultipleChoiceField.
This is a security fix. Disclosure following shortly. Thanks Keryn Knight for the report and initial patch.
Diffstat (limited to 'tests/model_forms/tests.py')
-rw-r--r--tests/model_forms/tests.py21
1 files changed, 21 insertions, 0 deletions
diff --git a/tests/model_forms/tests.py b/tests/model_forms/tests.py
index 78c3bca416..a1871bf2bf 100644
--- a/tests/model_forms/tests.py
+++ b/tests/model_forms/tests.py
@@ -1573,6 +1573,27 @@ class ModelMultipleChoiceFieldTests(TestCase):
self.assertTrue(form.is_valid())
self.assertTrue(form.has_changed())
+ def test_show_hidden_initial_changed_queries_efficiently(self):
+ class WriterForm(forms.Form):
+ persons = forms.ModelMultipleChoiceField(
+ show_hidden_initial=True, queryset=Writer.objects.all())
+
+ writers = (Writer.objects.create(name=str(x)) for x in range(0, 50))
+ writer_pks = tuple(x.pk for x in writers)
+ form = WriterForm(data={'initial-persons': writer_pks})
+ with self.assertNumQueries(1):
+ self.assertTrue(form.has_changed())
+
+ def test_clean_does_deduplicate_values(self):
+ class WriterForm(forms.Form):
+ persons = forms.ModelMultipleChoiceField(queryset=Writer.objects.all())
+
+ person1 = Writer.objects.create(name="Person 1")
+ form = WriterForm(data={})
+ queryset = form.fields['persons'].clean([str(person1.pk)] * 50)
+ sql, params = queryset.query.sql_with_params()
+ self.assertEqual(len(params), 1)
+
class ModelOneToOneFieldTests(TestCase):
def test_modelform_onetoonefield(self):
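Review bot: Neither new test says which property it protects, so a later refactor could loosen `assertNumQueries(1)` or `len(params) == 1` without realising these are the regression guards for the DoS named in the commit title. I would add a comment above each: `# Security regression: query count must not grow with the number of submitted pks.` in `test_show_hidden_initial_changed_queries_efficiently`, and `# Security regression: repeated submitted values must collapse to a single query parameter.` in `test_clean_does_deduplicate_values`. In the second test `sql` is never used, so `_, params = queryset.query.sql_with_params()` reads more clearly. The enclosing class `ModelMultipleChoiceFieldTests` starts outside the hunk and the fix itself is not in this file, so the pre-patch cost behaviour is inferred from the title only.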