[Django] #33175: ForeignKeyRawIdWidget doesn't use quoting for object.pk and generates unavailable links in admin

31 views
Skip to first unread message

Django

unread,
Oct 7, 2021, 7:03:04 AM10/7/21
to django-...@googlegroups.com
#33175: ForeignKeyRawIdWidget doesn't use quoting for object.pk and generates
unavailable links in admin
----------------------------------------------+------------------------
Reporter: Alexander Pervakov | Owner: nobody
Type: Uncategorized | Status: new
Component: Uncategorized | Version: 3.2
Severity: Normal | Keywords:
Triage Stage: Unreviewed | Has patch: 1
Needs documentation: 0 | Needs tests: 0
Patch needs improvement: 0 | Easy pickings: 0
UI/UX: 0 |
----------------------------------------------+------------------------
When related model use CharField as primary key and it have some special
characters, i.e. "_" then (in my case) on TabularInline admin view I've
links without proper quoting that guides me to 302 redirect and error
message "There is no product with id "some_id$"". Here the `$` sign is a
quoted `_24` that you can see in an example:

{{{
# app/models.py
class Product(models.Model):
id = models.CharField(max_length=100, primary_key=True, null=False)

class Partner(models.Model):
name = models.CharField(max_length=256)

class PartnerProductRelation(models.Model):
partner = models.ForeignKey(
Partner, related_name="product_links", on_delete=models.CASCADE,
)
product = models.ForeignKey(
Product, related_name="partner_links", on_delete=models.CASCADE,
)

# app/admin.py
class PartnerProductRelationAdmin(admin.TabularInline):
model = PartnerProductRelation
extra = 1
raw_id_fields = ("product",)

class PartnerAdmin(admin.ModelAdmin):
list_display = ("name",)
fields = ("name",)
inlines = [PartnerProductRelationAdmin]

admin.site.register(Partner, PartnerAdmin)

# test_url.py
partner = Partner(id=1, name="Some Partner")
product = Product(id="some_id_24")
PartnerProductRelation(partner=partner, product=product)

url = reverse("admin:app_partner_change", args=(quote(partner.id),))
response = admin_client.get(url)
assert response.content.find(
b"""<a
href="/admin/app/product/some_5Fid_5F24/change/">some_id_24</a>"""
) > -1
}}}

Is tests/admin_widgets/tests.py a good place to create the regression?

Also found not-quoted reverse that can lead to the same consequences here
django.contrib.admin.options.ModelAdmin.response_change:

{{{
elif "_saveasnew" in request.POST:
redirect_url = reverse('admin:%s_%s_change' %
(opts.app_label, opts.model_name),
args=(obj.pk,),
current_app=self.admin_site.name)
}}}

--
Ticket URL: <https://code.djangoproject.com/ticket/33175>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

Django

unread,
Oct 7, 2021, 7:03:30 AM10/7/21
to django-...@googlegroups.com
#33175: ForeignKeyRawIdWidget doesn't use quoting for object.pk and generates
unavailable links in admin
------------------------------------+--------------------------------------

Reporter: Alexander Pervakov | Owner: nobody
Type: Uncategorized | Status: new
Component: Uncategorized | Version: 3.2
Severity: Normal | Resolution:

Keywords: | Triage Stage: Unreviewed
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
------------------------------------+--------------------------------------
Changes (by Alexander Pervakov):

* Attachment "admin_quote_object_pk.diff" added.

Django

unread,
Oct 7, 2021, 7:05:33 AM10/7/21
to django-...@googlegroups.com
#33175: ForeignKeyRawIdWidget doesn't use quoting for object.pk and generates
unavailable links in admin
------------------------------------+--------------------------------------

Reporter: Alexander Pervakov | Owner: nobody
Type: Bug | Status: closed
Component: contrib.admin | Version: 3.2
Severity: Normal | Resolution: duplicate

Keywords: | Triage Stage: Unreviewed
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
------------------------------------+--------------------------------------
Changes (by Mariusz Felisiak):

* status: new => closed
* resolution: => duplicate
* component: Uncategorized => contrib.admin
* type: Uncategorized => Bug


Comment:

Duplicate of #30386.

--
Ticket URL: <https://code.djangoproject.com/ticket/33175#comment:1>

Django

unread,
Oct 7, 2021, 7:06:20 AM10/7/21
to django-...@googlegroups.com
#33175: ForeignKeyRawIdWidget doesn't quote object.pk and generates wrong links.
------------------------------------+--------------------------------------

Reporter: Alexander Pervakov | Owner: nobody
Type: Bug | Status: closed
Component: contrib.admin | Version: 3.2
Severity: Normal | Resolution: duplicate
Keywords: | Triage Stage: Unreviewed
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
------------------------------------+--------------------------------------

--
Ticket URL: <https://code.djangoproject.com/ticket/33175#comment:2>

Reply all
Reply to author
Forward
0 new messages