#35845: DomainNameValidator accepts any string if it contains a valid domain
----------------------------+-----------------------------------------
Reporter: kazet | Type: Uncategorized
Status: new | Component: Uncategorized
Version: 5.1 | Severity: Normal
Keywords: validators | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 1 | UI/UX: 0
----------------------------+-----------------------------------------
Minimal example to reproduce:
{{{
kazet@b:~$ docker run -it python:latest bash
proot@80443b364903:/# pip install django
Collecting django
Downloading Django-5.1.2-py3-none-any.whl.metadata (4.2 kB)
Collecting asgiref<4,>=3.8.1 (from django)
Downloading asgiref-3.8.1-py3-none-any.whl.metadata (9.3 kB)
Collecting sqlparse>=0.3.1 (from django)
Downloading sqlparse-0.5.1-py3-none-any.whl.metadata (3.9 kB)
Downloading Django-5.1.2-py3-none-any.whl (8.3 MB)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 8.3/8.3 MB 17.9 MB/s eta
0:00:00
Downloading asgiref-3.8.1-py3-none-any.whl (23 kB)
Downloading sqlparse-0.5.1-py3-none-any.whl (44 kB)
Installing collected packages: sqlparse, asgiref, django
Successfully installed asgiref-3.8.1 django-5.1.2 sqlparse-0.5.1
WARNING: Running pip as the 'root' user can result in broken permissions
and conflicting behaviour with the system package manager, possibly
rendering your system unusable.It is recommended to use a virtual
environment instead: https://pip.pypa.io/warnings/venv. Use the --root-
user-action option if you know what you are doing and want to suppress
this warning.
root@80443b364903:/# python3
Python 3.13.0 (main, Oct 8 2024, 00:06:32) [GCC 12.2.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> from django.core.validators import DomainNameValidator
>>> DomainNameValidator()("invalid domain") # that works correctly
Traceback (most recent call last):
File "<python-input-1>", line 1, in <module>
DomainNameValidator()("invalid domain") # that works correctly
~~~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.13/site-
packages/django/core/validators.py", line 120, in __call__
super().__call__(value)
~~~~~~~~~~~~~~~~^^^^^^^
File "/usr/local/lib/python3.13/site-
packages/django/core/validators.py", line 55, in __call__
raise ValidationError(self.message, code=self.code, params={"value":
value})
django.core.exceptions.ValidationError: <exception str() failed>
>>> DomainNameValidator()("invalid domain @#$#$^%#@@ but we appended a
correct domain at the end: example.com") # that doesn't
>>>
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/35845>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-updates/01070192941399c6-484e3418-839c-4bd0-99b4-cb3dd25c7627-000000%40eu-central-1.amazonses.com.
