andreirk / django-hotclub

Automatically exported from code.google.com/p/django-hotclub

open id admin bombs int(username) #188

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. select "add user open id": /admin/django_openidauth/useropenid/add/
2. enter username, open id URL, date, time
3. press Save

What is the expected output? What do you see instead?
Got traceback:
 Exception Type:    ValueError
 Exception Value:       invalid literal for int() with base 10: 'peabo'
 Exception Location:  /usr/lib/python2.5/site-packages/django/db/models/fields/__init__.py in get_db_prep_value, line 353

It is trying to convert the name from the form field to an integer, and in
fact the procedure works if I enter the field auth_user.id (3 in this case)
instead of the username into the form.

Further down in the traceback we see:

#  /usr/lib/python2.5/site-packages/django/forms/forms.py in full_clean

 224. # widgets split data over several HTML fields.
 225. value = field.widget.value_from_datadict(self.data, self.files, self.add_prefix(name))
 226. try:
 227. if isinstance(field, FileField):
 228. initial = self.initial.get(name, field.initial)
 229. value = field.clean(value, initial)
 230. else:

 231. value = field.clean(value) ...

 232. self.cleaned_data[name] = value
 233. if hasattr(self, 'clean_%s' % name):
 234. value = getattr(self, 'clean_%s' % name)()
 235. self.cleaned_data[name] = value
 236. except ValidationError, e:
 237. self._errors[name] = e.messages

▼ Local vars
Variable    Value
field       <django.forms.models.ModelChoiceField object at 0x2a52150>
name        'user'
self        <django.forms.models.UserOpenIDForm object at 0x2acf610>
value       u'peabo'

# /usr/lib/python2.5/site-packages/django/forms/models.py in clean

 697.
 698. def clean(self, value):
 699. Field.clean(self, value)
 700. if value in EMPTY_VALUES:
 701. return None
 702. try:
 703. key = self.to_field_name or 'pk'

 704. value = self.queryset.get(**{key: value}) ...

 705. except self.queryset.model.DoesNotExist:
 706. raise ValidationError(self.error_messages['invalid_choice'])
 707. return value
 708.
 709. class ModelMultipleChoiceField(ModelChoiceField):
 710. """A MultipleChoiceField whose choices are a model QuerySet."""

▼ Local vars
Variable    Value
key         'id'
self        <django.forms.models.ModelChoiceField object at 0x2a52150>
value       u'peabo'

Some logic is changing name 'user' value u'peabo' to key 'id' value
u'peabo', whereas it should be using key 'username'.

What version of the product are you using? On what operating system?
download of package pinax-0.5.1.tar.gz; Ubuntu 6.06

Please provide any additional information below.
Should I be downloading the latest source and tracking patches at this point?

Original issue reported on code.google.com by pe...@fsf.org on 26 Feb 2009 at 8:45
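
The lookup path shown in the traceback above, as an added example that is not part of the original report and is not Django or Pinax code: a Django-free model of the quoted `clean()` showing why the `ValueError` escapes the `except` clause and surfaces as a traceback instead of a form error. `FakeUserQuerySet`, the second user row, `outcome()` and the `catch_bad_literal` switch are assumptions made for illustration; the hardened variant is one possible fix, not one taken from this issue.

```python
# Django-free model of ModelChoiceField.clean() as quoted in the traceback.
# FakeUserQuerySet, its rows and catch_bad_literal are constructed for illustration.

class DoesNotExist(Exception):
    pass

class ValidationError(Exception):
    pass

class FakeUserQuerySet:
    """Stands in for the auth_user queryset; 'pk'/'id' is an integer column."""
    rows = [{"id": 3, "username": "peabo"}, {"id": 4, "username": "alice"}]

    def get(self, **lookup):
        (key, value), = lookup.items()
        if key in ("pk", "id"):
            # Same int() coercion that raised in get_db_prep_value.
            key, value = "id", int(value)
        for row in self.rows:
            if row[key] == value:
                return row
        raise DoesNotExist(value)

def clean(queryset, value, to_field_name=None, catch_bad_literal=False):
    """Mirror of quoted lines 698-707; catch_bad_literal=True is the hardened variant."""
    if value in (None, ""):
        return None
    handled = (DoesNotExist, ValueError, TypeError) if catch_bad_literal else (DoesNotExist,)
    key = to_field_name or "pk"
    try:
        return queryset.get(**{key: value})
    except handled:
        # Bad input is reported as a field error, not an unhandled exception.
        raise ValidationError("invalid_choice")

def outcome(value, **kwargs):
    """Return the matched row's id, or the name of the exception that escaped clean()."""
    try:
        return clean(FakeUserQuerySet(), value, **kwargs)["id"]
    except (ValueError, ValidationError) as exc:
        return type(exc).__name__

if __name__ == "__main__":
    print(outcome("peabo"))                            # behaviour from the report
    print(outcome("3"))                                # workaround from the report
    print(outcome("peabo", to_field_name="username"))  # lookup keyed on username
    print(outcome("peabo", catch_bad_literal=True))    # bad input becomes a form error
```
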

GoogleCodeExporter commented 9 years ago

Original comment by pyDanny on 13 Mar 2009 at 4:38

GoogleCodeExporter commented 9 years ago

Original comment by pyDanny on 31 Mar 2009 at 8:14