Fixed queries that may return unexpected results on MySQL due to typecasting.

This is a security fix; disclosure to follow shortly.
2025-10-24 06:06:09 +00:00 · 2014-04-20 16:13:41 -04:00
parent c083e3815a
commit 75c0d4ea3a
6 changed files with 95 additions and 2 deletions
--- a/tests/model_fields/tests.py
+++ b/tests/model_fields/tests.py
@@ -673,12 +673,20 @@ class PromiseTest(test.TestCase):
        self.assertIsInstance(
            CharField().get_prep_value(lazy_func()),
            six.text_type)
+        lazy_func = lazy(lambda: 0, int)
+        self.assertIsInstance(
+            CharField().get_prep_value(lazy_func()),
+            six.text_type)

    def test_CommaSeparatedIntegerField(self):
        lazy_func = lazy(lambda: '1,2', six.text_type)
        self.assertIsInstance(
            CommaSeparatedIntegerField().get_prep_value(lazy_func()),
            six.text_type)
+        lazy_func = lazy(lambda: 0, int)
+        self.assertIsInstance(
+            CommaSeparatedIntegerField().get_prep_value(lazy_func()),
+            six.text_type)

    def test_DateField(self):
        lazy_func = lazy(lambda: datetime.date.today(), datetime.date)
@@ -709,12 +717,20 @@ class PromiseTest(test.TestCase):
        self.assertIsInstance(
            FileField().get_prep_value(lazy_func()),
            six.text_type)
+        lazy_func = lazy(lambda: 0, int)
+        self.assertIsInstance(
+            FileField().get_prep_value(lazy_func()),
+            six.text_type)

    def test_FilePathField(self):
        lazy_func = lazy(lambda: 'tests.py', six.text_type)
        self.assertIsInstance(
            FilePathField().get_prep_value(lazy_func()),
            six.text_type)
+        lazy_func = lazy(lambda: 0, int)
+        self.assertIsInstance(
+            FilePathField().get_prep_value(lazy_func()),
+            six.text_type)

    def test_FloatField(self):
        lazy_func = lazy(lambda: 1.2, float)
@@ -735,9 +751,13 @@ class PromiseTest(test.TestCase):
            int)

    def test_IPAddressField(self):
-        lazy_func = lazy(lambda: '127.0.0.1', six.text_type)
        with warnings.catch_warnings(record=True):
            warnings.simplefilter("always")
+            lazy_func = lazy(lambda: '127.0.0.1', six.text_type)
+            self.assertIsInstance(
+                IPAddressField().get_prep_value(lazy_func()),
+                six.text_type)
+            lazy_func = lazy(lambda: 0, int)
            self.assertIsInstance(
                IPAddressField().get_prep_value(lazy_func()),
                six.text_type)
@@ -747,6 +767,10 @@ class PromiseTest(test.TestCase):
        self.assertIsInstance(
            GenericIPAddressField().get_prep_value(lazy_func()),
            six.text_type)
+        lazy_func = lazy(lambda: 0, int)
+        self.assertIsInstance(
+            GenericIPAddressField().get_prep_value(lazy_func()),
+            six.text_type)

    def test_NullBooleanField(self):
        lazy_func = lazy(lambda: True, bool)
@@ -771,6 +795,10 @@ class PromiseTest(test.TestCase):
        self.assertIsInstance(
            SlugField().get_prep_value(lazy_func()),
            six.text_type)
+        lazy_func = lazy(lambda: 0, int)
+        self.assertIsInstance(
+            SlugField().get_prep_value(lazy_func()),
+            six.text_type)

    def test_SmallIntegerField(self):
        lazy_func = lazy(lambda: 1, int)
@@ -783,6 +811,10 @@ class PromiseTest(test.TestCase):
        self.assertIsInstance(
            TextField().get_prep_value(lazy_func()),
            six.text_type)
+        lazy_func = lazy(lambda: 0, int)
+        self.assertIsInstance(
+            TextField().get_prep_value(lazy_func()),
+            six.text_type)

    def test_TimeField(self):
        lazy_func = lazy(lambda: datetime.datetime.now().time(), datetime.time)