mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-10-24 14:16:09 +00:00
Code Issues 32 Releases Wiki Activity

Fixed #23266 -- Prevented queries caused by type checking lookup values

Browse Source 
Small modifications done by committer.
This commit is contained in:
Anubhav Joshi
2014-08-10 18:23:37 +05:30
committed by Anssi Kääriäinen
parent f0b358880a
commit cdfdcf4b70
2 changed files with 17 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
django/db/models/sql/query.py
View File

@@ -1104,8 +1104,19 @@ class Query(object):
if field.rel:
# testing for iterable of models
if hasattr(value, '__iter__'):
for v in value:
self.check_query_object_type(v, opts)
# Check if the iterable has a model attribute, if so
# it is likely something like a QuerySet.
if hasattr(value, 'model') and hasattr(value.model, '_meta'):
model = value.model
if not (model == opts.concrete_model
or opts.concrete_model in model._meta.get_parent_list()
or model in opts.get_parent_list()):
raise ValueError(
'Cannot use QuerySet for "%s": Use a QuerySet for "%s".' %
(model._meta.model_name, opts.object_name))
else:
for v in value:
self.check_query_object_type(v, opts)
else:
# expecting single model instance here
self.check_query_object_type(value, opts)