mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-08-04 02:48:35 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Added a default limit to the maximum number of forms in a formset.

Browse source 
This is a security fix. Disclosure and advisory coming shortly.
This commit is contained in:
Aymeric Augustin 2013-02-12 11:22:41 +01:00 committed by Carl Meyer
parent 1f39eafd60
commit 35c991aa06
5 changed files with 85 additions and 19 deletions
Download patch file Download diff file Expand all files Collapse all files

4
docs/topics/forms/modelforms.txt
View file

@ -738,8 +738,8 @@ so long as the total number of forms does not exceed ``max_num``::
<tr><th><label for="id_form-2-name">Name:</label></th><td><input id="id_form-2-name" type="text" name="form-2-name" value="Walt Whitman" maxlength="100" /><input type="hidden" name="form-2-id" value="2" id="id_form-2-id" /></td></tr>
<tr><th><label for="id_form-3-name">Name:</label></th><td><input id="id_form-3-name" type="text" name="form-3-name" maxlength="100" /><input type="hidden" name="form-3-id" id="id_form-3-id" /></td></tr>
A ``max_num`` value of ``None`` (the default) puts no limit on the number of
forms displayed.
A ``max_num`` value of ``None`` (the default) puts a high limit on the number
of forms displayed (1000). In practice this is equivalent to no limit.
Using a model formset in a view
-------------------------------