Fixed #36152 -- Deprecated use of "%" in column aliases.

Unintentional support existed only on SQLite and Oracle.
2025-10-24 06:06:09 +00:00 · 2025-02-17 19:27:21 -05:00
parent 56f468681a
commit 8ede411a81
4 changed files with 49 additions and 0 deletions
--- a/tests/annotations/tests.py
+++ b/tests/annotations/tests.py
@@ -39,6 +39,7 @@ from django.db.models.functions import (
 from django.db.models.sql.query import get_field_names_from_opts
 from django.test import TestCase, skipUnlessDBFeature
 from django.test.utils import register_lookup
+from django.utils.deprecation import RemovedInDjango70Warning

 from .models import (
    Author,
@@ -1157,6 +1158,11 @@ class NonAggregateAnnotationTestCase(TestCase):

    def test_alias_sql_injection(self):
        crafted_alias = """injected_name" from "annotations_book"; --"""
+        # RemovedInDjango70Warning: When the deprecation ends, replace with:
+        # msg = (
+        #    "Column aliases cannot contain whitespace characters, quotation marks, "
+        #    "semicolons, percent signs, or SQL comments."
+        # )
        msg = (
            "Column aliases cannot contain whitespace characters, quotation marks, "
            "semicolons, or SQL comments."
@@ -1176,10 +1182,17 @@ class NonAggregateAnnotationTestCase(TestCase):
            "ali/*as",
            "alias*/",
            "alias;",
+            # RemovedInDjango70Warning: When the deprecation ends, add this case.
+            # "alias%",
            # [] are used by MSSQL.
            "alias[",
            "alias]",
        ]
+        # RemovedInDjango70Warning: When the deprecation ends, replace with:
+        # msg = (
+        #    "Column aliases cannot contain whitespace characters, quotation marks, "
+        #    "semicolons, percent signs, or SQL comments."
+        # )
        msg = (
            "Column aliases cannot contain whitespace characters, quotation marks, "
            "semicolons, or SQL comments."
@@ -1189,6 +1202,11 @@ class NonAggregateAnnotationTestCase(TestCase):
                with self.assertRaisesMessage(ValueError, msg):
                    Book.objects.annotate(**{crafted_alias: Value(1)})

+    def test_alias_containing_percent_sign_deprecation(self):
+        msg = "Using percent signs in a column alias is deprecated."
+        with self.assertRaisesMessage(RemovedInDjango70Warning, msg):
+            Book.objects.annotate(**{"alias%": Value(1)})
+
    @skipUnless(connection.vendor == "postgresql", "PostgreSQL tests")
    @skipUnlessDBFeature("supports_json_field")
    def test_set_returning_functions(self):
@@ -1476,6 +1494,11 @@ class AliasTests(TestCase):

    def test_alias_sql_injection(self):
        crafted_alias = """injected_name" from "annotations_book"; --"""
+        # RemovedInDjango70Warning: When the deprecation ends, replace with:
+        # msg = (
+        #    "Column aliases cannot contain whitespace characters, quotation marks, "
+        #    "semicolons, percent signs, or SQL comments."
+        # )
        msg = (
            "Column aliases cannot contain whitespace characters, quotation marks, "
            "semicolons, or SQL comments."