As the documentation points out, ModelForm avoids implicitly adding fields to a form when you haven't told it to, and does so for security reasons. Mass-assignment bugs have caused significant security issues in the past for other systems which *did* implicitly support/add fields, and I'd like to keep Django from doing that.
So if the proposal is just that any field with required=True is implicitly included, I'd be against it. Similarly, I think it would complicate the API too much to add support for some kind of "__all_required__" special declaration. I would suggest there's value in figuring out a way to either have ModelForm raise some type of ignorable warning, or maybe having the system-check framework warn you, if you do have a ModelForm that doesn't include a required field, though. -- You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-developers+unsubscr...@googlegroups.com. To post to this group, send email to django-developers@googlegroups.com. Visit this group at https://groups.google.com/group/django-developers. To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/CAL13Cg-EJYA7NAzPb%2BpQOR_Ywuzo5A_%3DBGJBS5CYd-J0SoKhSQ%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
