mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-08-03 18:38:50 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Fixed #30769 -- Fixed a crash when filtering against a subquery JSON/HStoreField annotation.

Browse source 
This was a regression introduced by 7deeabc7c7
to address CVE-2019-14234.

Thanks Tim Kleinschmidt for the report and Mariusz for the tests.
This commit is contained in:
Simon Charette 2019-09-15 23:25:50 -04:00 committed by Mariusz Felisiak
parent bd7e0f81f8
commit 6c3dfba892
7 changed files with 27 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

8
tests/postgres_tests/test_hstore.py
View file

@ -2,7 +2,7 @@ import json
from django.core import checks, exceptions, serializers
from django.db import connection
from django.db.models.expressions import RawSQL
from django.db.models.expressions import OuterRef, RawSQL, Subquery
from django.forms import Form
from django.test.utils import CaptureQueriesContext, isolate_apps
@ -207,6 +207,12 @@ class TestQuerying(PostgreSQLTestCase):
queries[0]['sql'],
)
def test_obj_subquery_lookup(self):
qs = HStoreModel.objects.annotate(
value=Subquery(HStoreModel.objects.filter(pk=OuterRef('pk')).values('field')),
).filter(value__a='b')
self.assertSequenceEqual(qs, self.objs[:2])
@isolate_apps('postgres_tests')
class TestChecks(PostgreSQLSimpleTestCase):

8
tests/postgres_tests/test_json.py
View file

@ -6,7 +6,7 @@ from decimal import Decimal
from django.core import checks, exceptions, serializers
from django.core.serializers.json import DjangoJSONEncoder
from django.db import connection
from django.db.models import Count, F, Q
from django.db.models import Count, F, OuterRef, Q, Subquery
from django.db.models.expressions import RawSQL
from django.db.models.functions import Cast
from django.forms import CharField, Form, widgets
@ -303,6 +303,12 @@ class TestQuerying(PostgreSQLTestCase):
[self.objs[7], self.objs[8]]
)
def test_obj_subquery_lookup(self):
qs = JSONModel.objects.annotate(
value=Subquery(JSONModel.objects.filter(pk=OuterRef('pk')).values('field')),
).filter(value__a='b')
self.assertSequenceEqual(qs, [self.objs[7], self.objs[8]])
def test_deep_lookup_objs(self):
self.assertSequenceEqual(
JSONModel.objects.filter(field__k__l='m'),