Security issue in django.db.models


Juan D.

Aug 7, 2020, 7:47:12 AM
to Django users
I've created a model with null and blank set to False in robot_name:

from django.db import models

class Robot(models.Model):
    robot_name = models.CharField(max_length=200, null=False, blank=False)
    version = models.CharField(max_length=20, blank=True, null=True)

    class Meta:
        unique_together = ('robot_name', 'version',)

On the admin website everything works perfectly and I am not allowed to create a robot without a name. However, on the shell:

Robot.objects.create(version="test_version")

doesn't raise any Exception.

What could it be?

neeraj garg

Aug 7, 2020, 9:11:48 AM
to django...@googlegroups.com
It basically sets a null value, i.e. "", for the fields that you don't pass while creating an object in the shell. And "" is an acceptable value. If you want to restrict "", then add some validations.


ule...@gmail.com

Aug 7, 2020, 12:36:24 PM
to Django users
A null value is not the same as an empty string!!!
You have to validate the robot_name.
See also: https://stackoverflow.com/questions/6940499/how-can-you-create-a-non-empty-charfield-in-django

On Friday, 7 August 2020 at 15:11:48 UTC+2, neera...@gmail.com wrote:

Stephen J. Butler

Aug 9, 2020, 12:42:26 AM
to django...@googlegroups.com
If you look at the documentation for 'blank' it says:

"""
Note that this is different than null. null is purely database-related, whereas blank is validation-related. If a field has blank=True, form validation will allow entry of an empty value. If a field has blank=False, the field will be required.
"""

So that is only caught when doing form validation, not when doing model validation.


Liu Zheng

Aug 9, 2020, 5:16:40 AM
to django...@googlegroups.com
All the previous answers are great to explain the reason. Just want to add: if you do not desire an empty string in the form and in the shell, you probably need to add a min_length validation condition.

Juan Díaz

Aug 10, 2020, 6:20:14 AM
to django...@googlegroups.com
Thanks for the answers!
