[5.2.x] Fixed #36299 -- Prevented field selection on QuerySet.alias() after values().

Regression in 65ad4ade74. Refs #28900. Thanks Jeff Iadarola for the report and tests. Co-Authored-By: OutOfFocus4 <jeff.iadarola@gmail.com> Backport of 12b771a1ec from main
2025-11-07 07:15:35 +00:00 · 2025-04-04 10:18:27 -04:00
parent d9bf0d07cc
commit cd1aa54f5a
3 changed files with 9 additions and 1 deletions
--- a/tests/annotations/tests.py
+++ b/tests/annotations/tests.py
@@ -1470,6 +1470,10 @@ class AliasTests(TestCase):
                with self.assertRaisesMessage(FieldError, msg):
                    getattr(qs, operation)("rating_alias")

+    def test_alias_after_values(self):
+        qs = Book.objects.values_list("pk").alias(other_pk=F("pk"))
+        self.assertEqual(qs.get(pk=self.b1.pk), (self.b1.pk,))
+
    def test_alias_sql_injection(self):
        crafted_alias = """injected_name" from "annotations_book"; --"""
        msg = (