#35172: intcomma patch in CVE-2024-24680 causing leading comma when provided string-based 3-digit number with at least 1 decimal place -------------------------------------+------------------------------------- Reporter: Warwick | Owner: nobody Brown | Type: | Status: new Uncategorized | Component: | Version: 4.2 contrib.humanize | Keywords: humanize intcomma Severity: Normal | comma decimal places Triage Stage: | Has patch: 0 Unreviewed | Needs documentation: 0 | Needs tests: 0 Patch needs improvement: 0 | Easy pickings: 0 UI/UX: 0 | -------------------------------------+------------------------------------- I'm running (4, 2, 10, 'final', 0)
Just discovered that the patch to intcomma made in CVE-2024-24680 is causing numbers to appear with a leading comma when they're 3 digits (ie between 100 and 999) with at least 1 decimal place {{{#!python In [34]: intcomma('111') Out[34]: '111' In [35]: intcomma('111.1') Out[35]: ',111.1' In [36]: intcomma('99.1') Out[36]: '99.1' In [37]: intcomma('999.1') Out[37]: ',999.1' }}} I note there doesn't appear to be a test in `tests/humanize_tests/tests.py` for the case of a string "111.1" I encountered this because I use `{{ price|floatformat:2|intcomma }}` in templates, thus floatformat is providing a string to intcomma. -- Ticket URL: <https://code.djangoproject.com/ticket/35172> Django <https://code.djangoproject.com/> The Web framework for perfectionists with deadlines. -- You received this message because you are subscribed to the Google Groups "Django updates" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-updates+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/django-updates/0107018d81c9f3c3-18724ff2-d120-4b59-b4ef-9633a8792c63-000000%40eu-central-1.amazonses.com.