Just discovered that the patch to intcomma made in CVE-2024-24680 is
causing numbers to appear with a leading comma when they're 3 digits (ie
between 100 and 999) with at least 1 decimal place
{{{#!python
In [34]: intcomma('111')
Out[34]: '111'
In [35]: intcomma('111.1')
Out[35]: ',111.1'
In [36]: intcomma('99.1')
Out[36]: '99.1'
In [37]: intcomma('999.1')
Out[37]: ',999.1'
}}}
I note there doesn't appear to be a test in
`tests/humanize_tests/tests.py` for the case of a string "111.1"
I encountered this because I use `{{ price|floatformat:2|intcomma }}` in
templates, thus floatformat is providing a string to intcomma.
--
Ticket URL: <https://code.djangoproject.com/ticket/35172>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
* type: Uncategorized => Bug
--
Ticket URL: <https://code.djangoproject.com/ticket/35172#comment:1>