#24605: Database identifiers are not properly escaped in some queries
-------------------------------------+-------------------------------------
Reporter: kurevin | Owner: priidukull
Type: Bug | Status: assigned
Component: Database layer (models, ORM) | Version: 1.7
Severity: Release blocker | Resolution:
Keywords: regression, database | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Comment (by priidukull):
I have reproduced the issue by adding the following lines to the
tests.queries module:
tests.py:
{{{
from django.test import TestCase

from .models import Amodel


class TestTicket24605(TestCase):
    def test_ticket_24605(self):
        results = Amodel.objects.exclude(bmodel__id=False,
                                         cmodel__isnull=True)
        self.assertEqual(0, len(results))
}}}
models.py:
{{{
from django.db import models


class Bmodel(models.Model):
    id = models.AutoField(primary_key=True)
    is_active = models.BooleanField()

    class Meta:
        db_table = 'Bmodel'


class Amodel(models.Model):
    active = models.BooleanField()
    bmodel = models.ForeignKey(Bmodel, related_name='Amodel_bmodel')

    class Meta:
        db_table = 'Amodel'


class Cmodel(models.Model):
    amodel = models.ForeignKey(Amodel)

    class Meta:
        db_table = 'Cmodel'
}}}
However, the test does not fail every time it runs. I have run the test
100 consecutive times, twice. It passed 42 times the first time I ran it
and 45 times the second time I ran it. Whether the test fails or passes
depends on the order in which the children of the Q-object are iterated over.
The test fails if the order of {{{q_object.children}}} is:
{{{('bmodel__id', False), ('cmodel__isnull', True) }}}
and passes when the order is the inverse.
The order of q_object children is determined in the method
{{{Q.__init__()}}}:
{{{
super(Q, self).__init__(children=list(args) + list(six.iteritems(kwargs)))
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/24605#comment:6>