#35569: Misleading ValidationError wording from `limit_choices_to` violation
-------------------------------------+-------------------------------------
Reporter: Jacob Walls | Owner: Jacob
Type: | Walls
Cleanup/optimization | Status: assigned
Component: Database layer | Version: 4.2
(models, ORM) |
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Changes (by Simon Charette):
* stage: Unreviewed => Accepted
Comment:
Changing the logic to disambiguate between "not exists" and "not matching"
would require a non-negligible amount of work (we'd have to annotate the
`limits_choice_to` criteria and check its value instead of simply doing
`queryset = queryset.complex_filter(...)`) and introduces undesirable
existence disclosure as you brought up.
Switching the validation error message to "not a valid choice" makes sense
though as it prevents disclosure,
[
https://github.com/django/django/blob/289f48c71b0fdd058defb29879368897fb837021/django/db/models/fields/related.py#L931C5-L933
is not an invasive patch], and quite frankly is a better user error
message.
--
Ticket URL: <
https://code.djangoproject.com/ticket/35569#comment:2>
Django <
https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.