#30672: JSONField/HStoreField key and index transforms crash.
----------------------------------+------------------------------------
     Reporter:  felixxm           |                    Owner:  felixxm
         Type:  Bug               |                   Status:  assigned
    Component:  contrib.postgres  |                  Version:  master
     Severity:  Normal            |               Resolution:
     Keywords:                    |             Triage Stage:  Accepted
    Has patch:  0                 |      Needs documentation:  0
  Needs tests:  0                 |  Patch needs improvement:  0
Easy pickings:  0                 |                    UI/UX:  0
----------------------------------+------------------------------------
Changes (by felixxm):

 * version:  2.2 => master


Old description:

> JSONField/HStoreField key and index transforms crash when we pass
> expressions with parameters, e.g.
> {{{
> KeyTransform('x', RawSQL("%s::jsonb", ['{"x": "bar"}']))
> }}}
> this is caused by a regression introduced in the last security release
> 7deeabc7c7526786df6894429ce89a9c4b614086, however `KeyTransform` is
> undocumented and such usage is untested.
>
> Crash for nested keys in
> [https://github.com/django/django/blob/194d1dfc186cc8d2b35dabf64f3ed38b757cbd98/django/contrib/postgres/fields/jsonb.py#L109-L110
> KeyTransform] for `JSONField` is not a regression because it has not been
> changed since its introduction.

New description:

 JSONField/HStoreField key and index transforms crash when we pass
 expressions with parameters, e.g.
 {{{
 KeyTransform('x', RawSQL("%s::jsonb", ['{"x": "bar"}']))
 }}}
 ~~this is caused by a regression introduced in the last security release
 7deeabc7c7526786df6894429ce89a9c4b614086~~, however `KeyTransform` is
 undocumented and such usage is untested.

 Crash for nested keys in
 [https://github.com/django/django/blob/194d1dfc186cc8d2b35dabf64f3ed38b757cbd98/django/contrib/postgres/fields/jsonb.py#L109-L110 KeyTransform]
 for `JSONField` is not a regression because it has not been
 changed since its introduction.

--

Comment:

 OK, it seems that it's not a regression because these transforms crashed
 (when we pass expressions with parameters) even before
 7deeabc7c7526786df6894429ce89a9c4b614086. Of course, for a different
 reason.

-- 
Ticket URL: <https://code.djangoproject.com/ticket/30672#comment:3>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
