#35172: intcomma patch in CVE-2024-24680 causing leading comma when provided
string-based 3-digit number with at least 1 decimal place
-------------------------------------+-------------------------------------
Reporter: Warwick | Owner: nobody
Brown |
Type: | Status: new
Uncategorized |
Component: | Version: 4.2
contrib.humanize | Keywords: humanize intcomma
Severity: Normal | comma decimal places
Triage Stage: | Has patch: 0
Unreviewed |
Needs documentation: 0 | Needs tests: 0
Patch needs improvement: 0 | Easy pickings: 0
UI/UX: 0 |
-------------------------------------+-------------------------------------
I'm running (4, 2, 10, 'final', 0)
Just discovered that the patch to intcomma made in CVE-2024-24680 is
causing numbers to appear with a leading comma when they're 3 digits (ie
between 100 and 999) with at least 1 decimal place
{{{#!python
In [34]: intcomma('111')
Out[34]: '111'
In [35]: intcomma('111.1')
Out[35]: ',111.1'
In [36]: intcomma('99.1')
Out[36]: '99.1'
In [37]: intcomma('999.1')
Out[37]: ',999.1'
}}}
I note there doesn't appear to be a test in
`tests/humanize_tests/tests.py` for the case of a string "111.1"
I encountered this because I use `{{ price|floatformat:2|intcomma }}` in
templates, thus floatformat is providing a string to intcomma.
--
Ticket URL: <https://code.djangoproject.com/ticket/35172>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to django-updates+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-updates/0107018d81c9f3c3-18724ff2-d120-4b59-b4ef-9633a8792c63-000000%40eu-central-1.amazonses.com.
