mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-12-02 00:01:29 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3
django/tests/expressions
History
Simon Charette 089deb82b9 Fixed #36025 -- Fixed re-aliasing of iterable (in/range) lookups rhs. 
In order for Expression.relabeled_clone to work appropriately its
get_source_expressions method must return all resolvable which wasn't the case
for Lookup when its right-hand-side is "direct" (not a compilable).

While refs #22288 added support for non-literals iterable right-hand-side
lookups it predated the subclassing of Lookup(Expression) refs #27021 which
could have been an opportunity to ensure right-hand-sides are always resolvable
(ValueList and ExpressionList).

Addressing all edge case with non-resolvable right-hand-sides would require
a significant refactor and deprecation of some parts of the Lookup interface so
this patch only focuses on FieldGetDbPrepValueIterableMixin (In and Range
lookups) by making sure that a right-hand-side containing resolvables are dealt
with appropriately during the resolving phase.

Thanks Aashay Amballi for the report.
2025-02-06 16:57:44 +01:00
..
__init__.py
models.py Fixed CVE-2024-42005 -- Mitigated QuerySet.values() SQL injection attacks against JSON fields. 2024-08-06 08:50:08 +02:00
test_queryset_values.py Fixed CVE-2024-42005 -- Mitigated QuerySet.values() SQL injection attacks against JSON fields. 2024-08-06 08:50:08 +02:00
tests.py Fixed #36025 -- Fixed re-aliasing of iterable (in/range) lookups rhs. 2025-02-06 16:57:44 +01:00