[Django] #29493: ORM: [fieldname]__in when passed a string iterates over digits of the string

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|

[Django] #29493: ORM: [fieldname]__in when passed a string iterates over digits of the string

Django
#29493: ORM: [fieldname]__in when passed a string iterates over digits of the
string
-------------------------------------+-------------------------------------
               Reporter:  Christian  |          Owner:  nobody
  Ledermann                          |
                   Type:             |         Status:  new
  Uncategorized                      |
              Component:  Database   |        Version:  1.11
  layer (models, ORM)                |
               Severity:  Release    |       Keywords:
  blocker                            |
           Triage Stage:             |      Has patch:  0
  Unreviewed                         |
    Needs documentation:  0          |    Needs tests:  0
Patch needs improvement:  0          |  Easy pickings:  0
                  UI/UX:  0          |
-------------------------------------+-------------------------------------
 Can be reproduced in a virgin new project with `django-admin startproject
 mysite`
 Django version 1.11.13, python version 2.7
 Databases tested: PostgreSQL and sqlite3

 Observed behaviour:
 {{{
 (Pdb) from django.contrib.auth import get_user_model
 (Pdb) User = get_user_model()
 (Pdb) query = User.objects.filter(id__in='1234567890')
 (Pdb) print query.query
 SELECT "auth_user"."id", "auth_user"."password", "auth_user"."last_login",
 "auth_user"."is_superuser", "auth_user"."username",
 "auth_user"."first_name", "auth_user"."last_name", "auth_user"."email",
 "auth_user"."is_staff", "auth_user"."is_active", "auth_user"."date_joined"
 FROM "auth_user" WHERE "auth_user"."id" IN (0, 1, 2, 3, 4, 5, 6, 7, 8, 9)

 }}}
 Expected Behaviour:
 An error is raised

--
Ticket URL: <https://code.djangoproject.com/ticket/29493>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

--
You received this message because you are subscribed to the Google Groups "Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/django-updates/049.730ff78850a6583758c7f993e95d470a%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: [Django] #29493: ORM: [fieldname]__in when passed a string iterates over digits of the string

Django
#29493: ORM: [fieldname]__in when passed a string iterates over digits of the
string
-------------------------------------+-------------------------------------
     Reporter:  Christian Ledermann  |                    Owner:  nobody
         Type:  Uncategorized        |                   Status:  new
    Component:  Database layer       |                  Version:  1.11
  (models, ORM)                      |
     Severity:  Release blocker      |               Resolution:
     Keywords:                       |             Triage Stage:
                                     |  Unreviewed
    Has patch:  0                    |      Needs documentation:  0
  Needs tests:  0                    |  Patch needs improvement:  0
Easy pickings:  0                    |                    UI/UX:  0
-------------------------------------+-------------------------------------

Comment (by Christian Ledermann):

 Also reproduced with python 3.5, django 2.0.6

--
Ticket URL: <https://code.djangoproject.com/ticket/29493#comment:1>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

--
You received this message because you are subscribed to the Google Groups "Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/django-updates/064.c7614d900eb5f160735de9e0a8fdb5c2%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: [Django] #29493: Block strings from being passed to `__in` (was: ORM: [fieldname]__in when passed a string iterates over digits of the string)

Django
In reply to this post by Django
#29493: Block strings from being passed to `__in`
-------------------------------------+-------------------------------------
     Reporter:  Christian Ledermann  |                    Owner:  nobody
         Type:  New feature          |                   Status:  closed
    Component:  Database layer       |                  Version:  1.11
  (models, ORM)                      |
     Severity:  Normal               |               Resolution:  wontfix
     Keywords:                       |             Triage Stage:
                                     |  Unreviewed
    Has patch:  0                    |      Needs documentation:  0
  Needs tests:  0                    |  Patch needs improvement:  0
Easy pickings:  0                    |                    UI/UX:  0
-------------------------------------+-------------------------------------
Changes (by Carlton Gibson):

 * status:  new => closed
 * resolution:   => wontfix
 * type:  Uncategorized => New feature
 * severity:  Release blocker => Normal


Old description:

> Can be reproduced in a virgin new project with `django-admin startproject
> mysite`
> Django version 1.11.13, python version 2.7
> Databases tested: PostgreSQL and sqlite3
>
> Observed behaviour:
> {{{
> (Pdb) from django.contrib.auth import get_user_model
> (Pdb) User = get_user_model()
> (Pdb) query = User.objects.filter(id__in='1234567890')
> (Pdb) print query.query
> SELECT "auth_user"."id", "auth_user"."password",
> "auth_user"."last_login", "auth_user"."is_superuser",
> "auth_user"."username", "auth_user"."first_name",
> "auth_user"."last_name", "auth_user"."email", "auth_user"."is_staff",
> "auth_user"."is_active", "auth_user"."date_joined" FROM "auth_user" WHERE
> "auth_user"."id" IN (0, 1, 2, 3, 4, 5, 6, 7, 8, 9)
>
> }}}
> Expected Behaviour:
> An error is raised
New description:

 ORM: [fieldname]__in when passed a string iterates over digits of the
 string

 Can be reproduced in a virgin new project with `django-admin startproject
 mysite`
 Django version 1.11.13, python version 2.7
 Databases tested: PostgreSQL and sqlite3

 Observed behaviour:
 {{{
 (Pdb) from django.contrib.auth import get_user_model
 (Pdb) User = get_user_model()
 (Pdb) query = User.objects.filter(id__in='1234567890')
 (Pdb) print query.query
 SELECT "auth_user"."id", "auth_user"."password", "auth_user"."last_login",
 "auth_user"."is_superuser", "auth_user"."username",
 "auth_user"."first_name", "auth_user"."last_name", "auth_user"."email",
 "auth_user"."is_staff", "auth_user"."is_active", "auth_user"."date_joined"
 FROM "auth_user" WHERE "auth_user"."id" IN (0, 1, 2, 3, 4, 5, 6, 7, 8, 9)

 }}}
 Expected Behaviour:
 An error is raised

--

Comment:

 This is expected behaviour. You pass `__in` an iterable, a string is an
 iterable. It's not the desired result, I grant you, but it's just Python.

 So first, this isn't a Release Blocker. At best it's a bug, of normal
 severity.

 I'm going to class it as a "New Feature" though because you're basically
 asking to add type checking here, to make sure you pass the right kind of
 iterable.
 (i.e. not a string.)

 For that I'm going to say `wontfix`. I strongly suspect it wouldn't be
 worth the effort (i.e the added code would be worse than the problem it's
 guarding against.) It's also quite likely that there are use-cases where
 being able to pass a string (as an iterable) is the desired behaviour:
 there will be people somewhere using that.

--
Ticket URL: <https://code.djangoproject.com/ticket/29493#comment:2>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

--
You received this message because you are subscribed to the Google Groups "Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/django-updates/064.a4688e6d65b32414641bbca880c40c80%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: [Django] #29493: Block strings from being passed to `__in`

Django
In reply to this post by Django
#29493: Block strings from being passed to `__in`
-------------------------------------+-------------------------------------
     Reporter:  Christian Ledermann  |                    Owner:  nobody
         Type:  New feature          |                   Status:  closed
    Component:  Database layer       |                  Version:  1.11
  (models, ORM)                      |
     Severity:  Normal               |               Resolution:  wontfix
     Keywords:                       |             Triage Stage:
                                     |  Unreviewed
    Has patch:  0                    |      Needs documentation:  0
  Needs tests:  0                    |  Patch needs improvement:  0
Easy pickings:  0                    |                    UI/UX:  0
-------------------------------------+-------------------------------------

Comment (by Christian Ledermann):

 `wontfix` is fair enough. imho it should be documented though. I try to
 find the time to add to the documentation after I cleaned up the mess this
 behaviour left me in.

--
Ticket URL: <https://code.djangoproject.com/ticket/29493#comment:3>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

--
You received this message because you are subscribed to the Google Groups "Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/django-updates/064.9d3b2f5a53c4ce808ac21624d07076aa%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: [Django] #29493: Block strings from being passed to `__in`

Django
In reply to this post by Django
#29493: Block strings from being passed to `__in`
-------------------------------------+-------------------------------------
     Reporter:  Christian Ledermann  |                    Owner:  nobody
         Type:  New feature          |                   Status:  closed
    Component:  Database layer       |                  Version:  1.11
  (models, ORM)                      |
     Severity:  Normal               |               Resolution:  wontfix
     Keywords:                       |             Triage Stage:
                                     |  Unreviewed
    Has patch:  0                    |      Needs documentation:  0
  Needs tests:  0                    |  Patch needs improvement:  0
Easy pickings:  0                    |                    UI/UX:  0
-------------------------------------+-------------------------------------

Comment (by Christian Ledermann):

 https://github.com/django/django/pull/10049

--
Ticket URL: <https://code.djangoproject.com/ticket/29493#comment:4>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

--
You received this message because you are subscribed to the Google Groups "Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/django-updates/064.d5b0d5021dc15dd42b8419a2a5d73386%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: [Django] #29493: Block strings from being passed to `__in`

Django
In reply to this post by Django
#29493: Block strings from being passed to `__in`
-------------------------------------+-------------------------------------
     Reporter:  Christian Ledermann  |                    Owner:  nobody
         Type:  New feature          |                   Status:  closed
    Component:  Database layer       |                  Version:  1.11
  (models, ORM)                      |
     Severity:  Normal               |               Resolution:  wontfix
     Keywords:                       |             Triage Stage:
                                     |  Unreviewed
    Has patch:  0                    |      Needs documentation:  0
  Needs tests:  0                    |  Patch needs improvement:  0
Easy pickings:  0                    |                    UI/UX:  0
-------------------------------------+-------------------------------------

Comment (by Tim Graham <timograham@…>):

 In [changeset:"11bfe3a83d79c832bd861b6b87f254197fde1659" 11bfe3a8]:
 {{{
 #!CommitTicketReference repository=""
 revision="11bfe3a83d79c832bd861b6b87f254197fde1659"
 Refs #29493 -- Doc'd that the QuerySet in lookup accepts a string.
 }}}

--
Ticket URL: <https://code.djangoproject.com/ticket/29493#comment:5>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

--
You received this message because you are subscribed to the Google Groups "Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/django-updates/064.5c85e50d33c4e406d35c5950df492c2f%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: [Django] #29493: Block strings from being passed to `__in`

Django
In reply to this post by Django
#29493: Block strings from being passed to `__in`
-------------------------------------+-------------------------------------
     Reporter:  Christian Ledermann  |                    Owner:  nobody
         Type:  New feature          |                   Status:  closed
    Component:  Database layer       |                  Version:  1.11
  (models, ORM)                      |
     Severity:  Normal               |               Resolution:  wontfix
     Keywords:                       |             Triage Stage:
                                     |  Unreviewed
    Has patch:  0                    |      Needs documentation:  0
  Needs tests:  0                    |  Patch needs improvement:  0
Easy pickings:  0                    |                    UI/UX:  0
-------------------------------------+-------------------------------------

Comment (by Tim Graham <timograham@…>):

 In [changeset:"d28360aa48e40af43450dcdd3843fe7b197b898c" d28360aa]:
 {{{
 #!CommitTicketReference repository=""
 revision="d28360aa48e40af43450dcdd3843fe7b197b898c"
 [2.1.x] Refs #29493 -- Doc'd that the QuerySet in lookup accepts a string.

 Backport of 11bfe3a83d79c832bd861b6b87f254197fde1659 from master
 }}}

--
Ticket URL: <https://code.djangoproject.com/ticket/29493#comment:6>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

--
You received this message because you are subscribed to the Google Groups "Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/django-updates/064.75260eaa267f3420fd2c21938d59fc9e%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.