Requesting help - validation on inlineformset_factory instance with invalid data in email field hanging application.

24 views
Skip to first unread message

Rebekah

unread,
Jan 8, 2010, 1:42:08 PM1/8/10
to Django developers
Hi,

I've searched but don't seem to see anyone else experiencing this
issue. I think it must be a django bug, I just want to know is this a
known issue, and if so, if there is a patch already in the works.

I have a view which displays a form and inline formset for user and
profile model data. The problem I am having is with the email field
validation. For simple problems, it works just fine (e.g. entering
"becky" will return a validation error, but entering
"be...@example.com" is valid). But when I was testing, I discovered
that entering "be...@instansa.commmmmmmmmmmmmmmmmm" causes the
application to hang, requiring a restart of the web server. There are
no errors, it just looks like it's stuck in a loop. This occurs
somewhere within the is_valid() call on the profile formset.

Here's the relevant part of the view code:

user = User.objects.get(pk=request.user.pk)
user_profile = UserProfile.objects.get_or_create(user = user)
ProfileInlineFormset = inlineformset_factory(User,
UserProfile,
can_delete=False,

form=instansa_forms.ProfileForm)
rDict = {}
rDict['user'] = user
rDict['title'] = 'Settings'
rDict['request'] = request

error = None
message = None

if request.method == "POST":
print "this is a post"
SettingsForm = instansa_forms.SettingsForm(request.POST,
instance=user)
ProfileFormset = ProfileInlineFormset(request.POST,
request.FILES, instance=user)

print "about to validate"
if SettingsForm.is_valid():
print "valid settings"
if ProfileFormset.is_valid():
print "valid profile"

This is the relevant part of forms.py:

class ProfileForm(forms.ModelForm):
email_to_display = forms.EmailField(required=False, max_length=75,
widget=forms.TextInput(attrs={'size':'75'}), help_text='This email
address will be displayed as a link on your Ask page.')
phone_to_display = forms.CharField(required=False, help_text='This
phone number will be displayed on your Ask page.')
phone_admin = forms.CharField(required=False, label='Phone for
admin', help_text='This phone number is not displayed. For use only by
Instansa in administration of your account.')
company_name = forms.CharField(required=False,
widget=forms.TextInput(attrs={'size':'50'}))
url = forms.URLField(required=False, widget=forms.TextInput(attrs=
{'size':'50'}), label='Website URL', help_text='A link to this URL
will be displayed on your Ask page to direct your customers back to
your website.')
ask_prompt = forms.CharField(required=False, widget=forms.TextInput
(attrs={'size':'50'}), help_text='100 characters or fewer. A helpful
prompt displayed above the question field on your Ask page to help
users.')
class Meta:
model = UserProfile
fields=
('email_to_display','phone_admin','phone_to_display','company_name','url','ask_prompt')

and this is how the email form is set up in models.py (though this
error occurs when validating the standard user email as well.)

email_to_display = models.EmailField(blank=True, max_length=75)

Any insight into this problem, and a simple workaround will be greatly
appreciated! Forgive me if I have omitted any useful information.

Thanks,
Becky

Robert Eanes

unread,
Jan 8, 2010, 1:53:20 PM1/8/10
to django-d...@googlegroups.com
Sounds like you are getting caught by this issue: http://www.djangoproject.com/weblog/2009/oct/09/security/
You should make sure you are using django 1.1.1 or 1.0.4, which have fixes for it.

> --
> You received this message because you are subscribed to the Google Groups "Django developers" group.
> To post to this group, send email to django-d...@googlegroups.com.
> To unsubscribe from this group, send email to django-develop...@googlegroups.com.
> For more options, visit this group at http://groups.google.com/group/django-developers?hl=en.
>
>

Karen Tracey

unread,
Jan 8, 2010, 1:53:34 PM1/8/10
to django-d...@googlegroups.com
On Fri, Jan 8, 2010 at 1:42 PM, Rebekah <ras...@gmail.com> wrote:
I've searched but don't seem to see anyone else experiencing this
issue.  I think it must be a django bug, I just want to know is this a
known issue, and if so, if there is a patch already in the works.

I have a view which displays a form and inline formset for user and
profile model data. The problem I am having is with the email field
validation. For simple problems, it works just fine (e.g. entering
"becky" will return a validation error, but entering
"be...@example.com" is valid).  But when I was testing, I discovered
that entering "be...@instansa.commmmmmmmmmmmmmmmmm" causes the
application to hang, requiring a restart of the web server. There are
no errors, it just looks like it's stuck in a loop. This occurs
somewhere within the is_valid() call on the profile formset.


What level of Django are you running?  This sounds much like the problem that triggered the release of 1.1.1 and 1.0.4:

http://www.djangoproject.com/weblog/2009/oct/09/security/

So if you are running anything earlier than those, the first step would be to update to a release that contains that fix.

Karen

Rebekah

unread,
Jan 8, 2010, 6:28:50 PM1/8/10
to Django developers
Thanks Karen and Robert, you both rock! I put in the patch and it's
fixed :)

On Jan 8, 1:53 pm, Karen Tracey <kmtra...@gmail.com> wrote:

Reply all
Reply to author
Forward
0 new messages