#35569: Misleading ValidationError wording from `limit_choices_to` violation
-------------------------------------+-------------------------------------
Reporter: Jacob Walls | Owner: Jacob
Type: | Walls
Cleanup/optimization | Status: assigned
Component: Database layer | Version: 4.2
(models, ORM) |
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Changes (by Simon Charette):
* stage: Unreviewed => Accepted
Comment:
Changing the logic to disambiguate between "not exists" and "not matching"
would require a non-negligible amount of work (we'd have to annotate the
`limits_choice_to` criteria and check its value instead of simply doing
`queryset = queryset.complex_filter(...)`) and introduces undesirable
existence disclosure as you brought up.
Switching the validation error message to "not a valid choice" makes sense
though as it prevents disclosure,
[https://github.com/django/django/blob/289f48c71b0fdd058defb29879368897fb837021/django/db/models/fields/related.py#L931C5-L933
is not an invasive patch], and quite frankly is a better user error
message.
--
Ticket URL: <https://code.djangoproject.com/ticket/35569#comment:2>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-updates/010701906edaf1bd-86eb4f0e-6e65-4df8-b3c4-064bab655bdb-000000%40eu-central-1.amazonses.com.
