[Django] #31459: URL path parameter regex too lenient
Django
-------------------------------------+-------------------------------------
Reporter: Adam | Owner: nobody
(Chainz) Johnson |
Type: Bug | Status: assigned
Component: Core | Version: master
(URLs) |
Severity: Normal | Keywords:
Triage Stage: | Has patch: 0
Unreviewed |
Needs documentation: 0 | Needs tests: 0
Patch needs improvement: 0 | Easy pickings: 0
UI/UX: 0 |
-------------------------------------+-------------------------------------
A [user on the Django forum](https://forum.djangoproject.com/t
/noreversematcherror-path-and-args-vs-kwargs/1923) tried to configure a
URL like `books/<int:book.id>/`. This was successfully parsed as a URL,
but no converters applied.
This is because the left hand side of the regex for finding path parameter
syntax looks for converter names with "anything not a colon or >". But the
right hand side matches only word characters.
If we matched "anything not a >", then the attempted parameter would have
been matched, and "book.id" would have hit the guard we have for invalid
identifiers, with a message like:
> "URL route 'books/<int:book.id>/' uses parameter name 'bookid' which
isn't a valid Python identifier."
--
Ticket URL: <https://code.djangoproject.com/ticket/31459>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
Django
-------------------------------------+-------------------------------------
Johnson |
Type: Bug | Status: assigned
Severity: Normal | Resolution:
Keywords: | Triage Stage:
| Unreviewed
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
* has_patch: 0 => 1
--
Ticket URL: <https://code.djangoproject.com/ticket/31459#comment:1>
Django
-------------------------------------+-------------------------------------
Reporter: Adam (Chainz) | Owner: Adam
Johnson | (Chainz) Johnson
Type: Bug | Status: assigned
Component: Core (URLs) | Version: master
Severity: Normal | Resolution:
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
* owner: nobody => Adam (Chainz) Johnson
* stage: Unreviewed => Accepted
Old description:
> A [user on the Django forum](https://forum.djangoproject.com/t
> /noreversematcherror-path-and-args-vs-kwargs/1923) tried to configure a
> URL like `books/<int:book.id>/`. This was successfully parsed as a URL,
> but no converters applied.
>
> This is because the left hand side of the regex for finding path
> parameter syntax looks for converter names with "anything not a colon or
> >". But the right hand side matches only word characters.
>
> If we matched "anything not a >", then the attempted parameter would have
> been matched, and "book.id" would have hit the guard we have for invalid
> identifiers, with a message like:
>
> > "URL route 'books/<int:book.id>/' uses parameter name 'bookid' which
> isn't a valid Python identifier."
New description:
A [https://forum.djangoproject.com/t/noreversematcherror-path-and-args-vs-
kwargs/1923 user on the Django forum] tried to configure a URL like
`books/<int:book.id>/`. This was successfully parsed as a URL, but no
converters applied.
This is because the left hand side of the regex for finding path parameter
syntax looks for converter names with "anything not a colon or >". But the
right hand side matches only word characters.
If we matched "anything not a >", then the attempted parameter would have
been matched, and "book.id" would have hit the guard we have for invalid
identifiers, with a message like:
> "URL route 'books/<int:book.id>/' uses parameter name 'book.id' which
isn't a valid Python identifier."
--
Comment:
[https://github.com/django/django/pull/12710 PR]
--
Ticket URL: <https://code.djangoproject.com/ticket/31459#comment:2>
Django
-------------------------------------+-------------------------------------
Reporter: Adam (Chainz) | Owner: Adam
Johnson | (Chainz) Johnson
Cleanup/optimization |
Component: Core (URLs) | Version: master
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
* type: Bug => Cleanup/optimization
--
Ticket URL: <https://code.djangoproject.com/ticket/31459#comment:3>
Django
-------------------------------------+-------------------------------------
Reporter: Adam (Chainz) | Owner: Adam
Johnson | (Chainz) Johnson
Type: | Status: assigned
Cleanup/optimization |
Component: Core (URLs) | Version: master
Severity: Normal | Resolution:
| checkin
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
* stage: Accepted => Ready for checkin
--
Ticket URL: <https://code.djangoproject.com/ticket/31459#comment:4>
Django
-------------------------------------+-------------------------------------
Reporter: Adam (Chainz) | Owner: Adam
Johnson | (Chainz) Johnson
Cleanup/optimization |
Component: Core (URLs) | Version: master
Keywords: | Triage Stage: Ready for
| checkin
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
* status: assigned => closed
* resolution: => fixed
Comment:
In [changeset:"4bb33bb07450ea9b623877417c28e6489246f51c" 4bb33bb0]:
{{{
#!CommitTicketReference repository=""
revision="4bb33bb07450ea9b623877417c28e6489246f51c"
Fixed #31459 -- Fixed handling invalid indentifiers in URL path
conversion.
This patch adjusted existing tests that used invalid identifiers.
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/31459#comment:5>