[Django] #22303: Have get_object_or_404 check catch ValueError

33 views
Skip to first unread message

Django

unread,
Mar 21, 2014, 9:16:53 AM3/21/14
to django-...@googlegroups.com
#22303: Have get_object_or_404 check catch ValueError
-------------------------------+--------------------
Reporter: eddie@… | Owner: nobody
Type: Uncategorized | Status: new
Component: Uncategorized | Version: 1.6
Severity: Normal | Keywords:
Triage Stage: Unreviewed | Has patch: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------+--------------------
A pretty simple change, but one that I would find very helpful in
production use. Basically, get_object_or_404 catches
queryset.model.DoesNotExist and turns that into Http404, and I think it
would be helpful if it also caught ValueError to handle the case where the
passed in parameter is not valid for the field (like if it's a string and
the field type is Integer, for example).

{{{#!python
from django.shortcuts import get_object_or_404
from django.db.models.base import ModelBase
from django.contrib.contenttypes.models import ContentType

def test_get_object_or_404():
# print "<ContentType: content type>"
print get_object_or_404(ContentType, id='1')

# raise Http404: No ContentType matches the given query.
print get_object_or_404(ContentType, id='123456789')

# raise ValueError: invalid literal for int() with base 10: '123a'
print get_object_or_404(ContentType(), id='123a')
}}}

--
Ticket URL: <https://code.djangoproject.com/ticket/22303>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

Django

unread,
Mar 21, 2014, 4:24:46 PM3/21/14
to django-...@googlegroups.com
#22303: Have get_object_or_404 check catch ValueError
-------------------------------+--------------------------------------
Reporter: eddie@… | Owner: nobody
Type: New feature | Status: closed
Component: Uncategorized | Version: 1.6
Severity: Normal | Resolution: wontfix
Keywords: | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0

Easy pickings: 0 | UI/UX: 0
-------------------------------+--------------------------------------
Changes (by charettes):

* status: new => closed
* needs_better_patch: => 0
* resolution: => wontfix
* needs_tests: => 0
* needs_docs: => 0
* type: Uncategorized => New feature


Comment:

I think cloaking `ValueError` at queryset creation time would cause more
more harm than good.

Django already provides a way to sanitize/validate user input through
forms. URL patterns can also provide an extra layer of data validation.

You should make sure your lookup values have been cleaned up before using
them. The third party app [https://github.com/alex/django-filter django-
filter] does a good job at this.

--
Ticket URL: <https://code.djangoproject.com/ticket/22303#comment:1>

Reply all
Reply to author
Forward
0 new messages