diff options
| author | Simon Charette <simon.charette@zapier.com> | 2019-09-15 23:25:50 -0400 |
|---|---|---|
| committer | Mariusz Felisiak <felisiak.mariusz@gmail.com> | 2019-09-16 09:05:48 +0200 |
| commit | fd393907c91e855acbd6f7a287bdc8e951c328e8 (patch) | |
| tree | 26e2eae5a958f04f841e38c042c35d1e4fe98b37 | |
| parent | 30c3d5fd731450705104dee1f3c2f67b8aad8495 (diff) | |
| download | django-fd393907c91e855acbd6f7a287bdc8e951c328e8.tar.gz | |
[1.11.x] Fixed #30769 -- Fixed a crash when filtering against a subquery JSON/HStoreField annotation.
This was a regression introduced by 7deeabc7c7526786df6894429ce89a9c4b614086
to address CVE-2019-14234.
Thanks Tim Kleinschmidt for the report and Mariusz for the tests.
Backport of 6c3dfba89215fc56fc27ef61829a6fff88be4abb from master.
| -rw-r--r-- | django/contrib/postgres/fields/hstore.py | 2 | ||||
| -rw-r--r-- | django/contrib/postgres/fields/jsonb.py | 2 | ||||
| -rw-r--r-- | docs/releases/1.11.25.txt | 4 | ||||
| -rw-r--r-- | tests/postgres_tests/test_hstore.py | 8 | ||||
| -rw-r--r-- | tests/postgres_tests/test_json.py | 8 |
5 files changed, 19 insertions, 5 deletions
diff --git a/django/contrib/postgres/fields/hstore.py b/django/contrib/postgres/fields/hstore.py index e2c4a2b338..5ddb10e584 100644 --- a/django/contrib/postgres/fields/hstore.py +++ b/django/contrib/postgres/fields/hstore.py @@ -86,7 +86,7 @@ class KeyTransform(Transform): def as_sql(self, compiler, connection): lhs, params = compiler.compile(self.lhs) - return '(%s -> %%s)' % lhs, params + [self.key_name] + return '(%s -> %%s)' % lhs, tuple(params) + (self.key_name,) class KeyTransformFactory(object): diff --git a/django/contrib/postgres/fields/jsonb.py b/django/contrib/postgres/fields/jsonb.py index bf1b4ee1a7..559fc5ba4e 100644 --- a/django/contrib/postgres/fields/jsonb.py +++ b/django/contrib/postgres/fields/jsonb.py @@ -107,7 +107,7 @@ class KeyTransform(Transform): lookup = int(self.key_name) except ValueError: lookup = self.key_name - return '(%s %s %%s)' % (lhs, self.operator), params + [lookup] + return '(%s %s %%s)' % (lhs, self.operator), tuple(params) + (lookup,) class KeyTextTransform(KeyTransform): diff --git a/docs/releases/1.11.25.txt b/docs/releases/1.11.25.txt index 4195e8cbe0..0e9e2d7ee5 100644 --- a/docs/releases/1.11.25.txt +++ b/docs/releases/1.11.25.txt @@ -9,4 +9,6 @@ Django 1.11.25 fixes a regression in 1.11.23. Bugfixes ======== -* ... +* Fixed a crash when filtering with a ``Subquery()`` annotation of a queryset + containing :class:`~django.contrib.postgres.fields.JSONField` or + :class:`~django.contrib.postgres.fields.HStoreField` (:ticket:`30769`). diff --git a/tests/postgres_tests/test_hstore.py b/tests/postgres_tests/test_hstore.py index 3ac68e1e69..acad950fbb 100644 --- a/tests/postgres_tests/test_hstore.py +++ b/tests/postgres_tests/test_hstore.py @@ -5,7 +5,7 @@ import json from django.core import exceptions, serializers from django.db import connection -from django.db.models.expressions import RawSQL +from django.db.models.expressions import OuterRef, RawSQL, Subquery from django.forms import Form from django.test.utils import CaptureQueriesContext, modify_settings @@ -189,6 +189,12 @@ class TestQuerying(HStoreTestCase): queries[0]['sql'], ) + def test_obj_subquery_lookup(self): + qs = HStoreModel.objects.annotate( + value=Subquery(HStoreModel.objects.filter(pk=OuterRef('pk')).values('field')), + ).filter(value__a='b') + self.assertSequenceEqual(qs, self.objs[:2]) + class TestSerialization(HStoreTestCase): test_data = ('[{"fields": {"field": "{\\"a\\": \\"b\\"}"}, ' diff --git a/tests/postgres_tests/test_json.py b/tests/postgres_tests/test_json.py index ead2c68df7..b8b5dd481f 100644 --- a/tests/postgres_tests/test_json.py +++ b/tests/postgres_tests/test_json.py @@ -7,7 +7,7 @@ from decimal import Decimal from django.core import exceptions, serializers from django.core.serializers.json import DjangoJSONEncoder from django.db import connection -from django.db.models import F +from django.db.models import F, OuterRef, Subquery from django.db.models.expressions import RawSQL from django.db.models.functions import Cast from django.forms import CharField, Form, widgets @@ -222,6 +222,12 @@ class TestQuerying(PostgreSQLTestCase): [self.objs[7], self.objs[8]] ) + def test_obj_subquery_lookup(self): + qs = JSONModel.objects.annotate( + value=Subquery(JSONModel.objects.filter(pk=OuterRef('pk')).values('field')), + ).filter(value__a='b') + self.assertSequenceEqual(qs, [self.objs[7], self.objs[8]]) + def test_deep_lookup_objs(self): self.assertSequenceEqual( JSONModel.objects.filter(field__k__l='m'), |