[Django] #34119: Admin: ArrayField in inlines are not properly validated
Django
-------------------------------------+-------------------------------------
Reporter: Benjamin | Owner: nobody
Rigaud |
Type: Bug | Status: new
Component: | Version: 3.2
Uncategorized | Keywords: admin, arrayfield,
Severity: Normal | forms
Triage Stage: | Has patch: 0
Unreviewed |
Needs documentation: 0 | Needs tests: 0
Patch needs improvement: 0 | Easy pickings: 0
UI/UX: 0 |
-------------------------------------+-------------------------------------
When creating an object via the admin, if an inline contains an ArrayField
in error, the validation will be bypassed (and the inline dismissed) if we
submit the form a second time (without modification).
- go to `/admin/my_app/thing/add/`
- type anything in `plop`
- submit -> it shows an error on the inline
- submit again -> no errors, `plop` become unfilled
{{{
# models.py
class Thing(models.Model):
pass
class RelatedModel(models.Model):
thing = models.ForeignKey(Thing, on_delete=models.CASCADE)
plop = ArrayField(
models.CharField(max_length=42),
default=list,
)
# admin.py
class RelatedModelForm(forms.ModelForm):
def clean(self):
raise ValidationError("whatever")
class RelatedModelInline(admin.TabularInline):
form = RelatedModelForm
model = RelatedModel
extra = 1
@admin.register(Thing)
class ThingAdmin(admin.ModelAdmin):
inlines = [
RelatedModelInline
]
}}}
It seems related to the hidden input containing the initial value:
`<input type="hidden" name="initial-relatedmodel_set-0-plop" value="test"
id="initial-relatedmodel_set-0-id_relatedmodel_set-0-plop">`
I can fix the issue locally by forcing `show_hidden_initial=False` on the
field (in the form init)
--
Ticket URL: <https://code.djangoproject.com/ticket/34119>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
Django
-------------------------------------+-------------------------------------
Type: Bug | Status: new
Component: Uncategorized | Version: 3.2
Severity: Normal | Resolution:
Keywords: admin, arrayfield, | Triage Stage:
forms | Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
* Attachment "Screenshot from 2022-10-25 13-28-33.png" added.
First submit
Django
-------------------------------------+-------------------------------------
Reporter: Benjamin Rigaud | Owner: nobody
Type: Bug | Status: new
Component: Uncategorized | Version: 3.2
Severity: Normal | Resolution:
Keywords: admin, arrayfield, | Triage Stage:
forms | Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Changes (by Benjamin Rigaud):
* Attachment "Screenshot from 2022-10-25 13-29-00.png" added.
Second submit
Django
-------------------------------------+-------------------------------------
Reporter: Benjamin Rigaud | Owner: nobody
Type: Bug | Status: new
Component: Uncategorized | Version: 3.2
Severity: Normal | Resolution:
Keywords: admin, arrayfield, | Triage Stage:
forms | Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Comment (by Mariusz Felisiak):
Can you reproduce this issue with Django 4.1? (or with the current `main`
branch). Django 3.2 is in extended support so it doesn't receive bugfixes
anymore (except security patches).
--
Ticket URL: <https://code.djangoproject.com/ticket/34119#comment:1>
Django
-------------------------------------+-------------------------------------
Reporter: Benjamin Rigaud | Owner: nobody
Type: Bug | Status: new
Component: Uncategorized | Version: 3.2
Severity: Normal | Resolution:
Keywords: admin, arrayfield, | Triage Stage:
forms | Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Comment (by Benjamin Rigaud):
Replying to [comment:1 Mariusz Felisiak]:
> Can you reproduce this issue with Django 4.1? (or with the current
`main` branch). Django 3.2 is in extended support so it doesn't receive
bugfixes anymore (except security patches).
Same issue with Django 4.1.2
--
Ticket URL: <https://code.djangoproject.com/ticket/34119#comment:2>
Django
-------------------------------------+-------------------------------------
Reporter: Benjamin Rigaud | Owner: nobody
Type: Bug | Status: new
Component: Uncategorized | Version: 3.2
Severity: Normal | Resolution:
Keywords: admin, arrayfield, | Triage Stage:
forms | Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Comment (by David Sanders):
This is because the inline form is considered to be changed on the first
submission but not on the second submission.
Fields with callable defaults have a hidden widget which then used to
detect if it's changed – a mechanism implemented long ago to preserve
changing defaults between submissions like `timezone.now`.
I think the problem here is that the hidden widget is being populated with
the submitted data instead of the result of the callable default. I've
submitted a PR to prevent these hidden widgets from being overridden by
submitted values.
--
Ticket URL: <https://code.djangoproject.com/ticket/34119#comment:3>
Django
-------------------------------------+-------------------------------------
| Sanders
Type: Bug | Status: assigned
Component: Forms | Version: 4.1
Severity: Normal | Resolution:
Keywords: admin, arrayfield, | Triage Stage: Accepted
forms |
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 1
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
* status: new => assigned
* cc: David Sanders (added)
* needs_better_patch: 0 => 1
* component: Uncategorized => Forms
* version: 3.2 => 4.1
* owner: nobody => David Sanders
* has_patch: 0 => 1
* stage: Unreviewed => Accepted
--
Ticket URL: <https://code.djangoproject.com/ticket/34119#comment:4>
Django
-------------------------------------+-------------------------------------
Reporter: Benjamin Rigaud | Owner: David
| Sanders
Type: Bug | Status: assigned
Component: Forms | Version: 4.1
Severity: Normal | Resolution:
Keywords: admin, arrayfield, | Triage Stage: Accepted
forms |
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 1
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Comment (by David Sanders):
For reference here's the original ticket implementing the logic causing
behaviour: #7975
--
Ticket URL: <https://code.djangoproject.com/ticket/34119#comment:5>