#31459: URL path parameter regex too lenient.
-------------------------------------+-------------------------------------
Reporter: Adam (Chainz) | Owner: Adam
Johnson | (Chainz) Johnson
Type: Bug | Status: assigned
Component: Core (URLs) | Version: master
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Changes (by felixxm):
* owner: nobody => Adam (Chainz) Johnson
* stage: Unreviewed => Accepted
Old description:
> A [user on the Django forum](https://forum.djangoproject.com/t
> /noreversematcherror-path-and-args-vs-kwargs/1923) tried to configure a
> URL like `books/<int:book.id>/`. This was successfully parsed as a URL,
> but no converters applied.
>
> This is because the left hand side of the regex for finding path
> parameter syntax looks for converter names with "anything not a colon or
> >". But the right hand side matches only word characters.
>
> If we matched "anything not a >", then the attempted parameter would have
> been matched, and "book.id" would have hit the guard we have for invalid
> identifiers, with a message like:
>
> > "URL route 'books/<int:book.id>/' uses parameter name 'bookid' which
> isn't a valid Python identifier."
New description:
A [https://forum.djangoproject.com/t/noreversematcherror-path-and-args-vs-
kwargs/1923 user on the Django forum] tried to configure a URL like
`books/<int:book.id>/`. This was successfully parsed as a URL, but no
converters applied.
This is because the left hand side of the regex for finding path parameter
syntax looks for converter names with "anything not a colon or >". But the
right hand side matches only word characters.
If we matched "anything not a >", then the attempted parameter would have
been matched, and "book.id" would have hit the guard we have for invalid
identifiers, with a message like:
> "URL route 'books/<int:book.id>/' uses parameter name 'book.id' which
isn't a valid Python identifier."
--
Comment:
[https://github.com/django/django/pull/12710 PR]
--
Ticket URL: <https://code.djangoproject.com/ticket/31459#comment:2>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-updates/068.096c16da723964ae3d108df1c82dbc35%40djangoproject.com.
