Fixed #12779 - Sanitize numeric form field input according to decimal and... (0d2a24fd) · Commits · Dom Sekotill / django

django/forms/fields.py

+9 −12

Original line number	Diff line number	Diff line
		@@ -17,9 +17,9 @@ except ImportError:
		from django.core.exceptions import ValidationError
		from django.core import validators
		import django.utils.copycompat as copy
		from django.utils import formats
		from django.utils.translation import ugettext_lazy as _
		from django.utils.encoding import smart_unicode, smart_str
		from django.utils.formats import get_format
		from django.utils.functional import lazy

		# Provide this import for backwards compatibility.
		@@ -213,7 +213,7 @@ class IntegerField(Field):
		value = super(IntegerField, self).to_python(value)
		if value in validators.EMPTY_VALUES:
		return None

		value = formats.sanitize_separators(value)
		try:
		value = int(str(value))
		except (ValueError, TypeError):
		@@ -233,11 +233,9 @@ class FloatField(IntegerField):
		value = super(IntegerField, self).to_python(value)
		if value in validators.EMPTY_VALUES:
		return None

		value = formats.sanitize_separators(value)
		try:
		# We always accept dot as decimal separator
		if isinstance(value, str) or isinstance(value, unicode):
		value = float(value.replace(get_format('DECIMAL_SEPARATOR'), '.'))
		value = float(value)
		except (ValueError, TypeError):
		raise ValidationError(self.error_messages['invalid'])
		return value
		@@ -270,11 +268,10 @@ class DecimalField(Field):
		"""
		if value in validators.EMPTY_VALUES:
		return None
		value = formats.sanitize_separators(value)
		value = smart_str(value).strip()
		try:
		# We always accept dot as decimal separator
		if isinstance(value, str) or isinstance(value, unicode):
		value = Decimal(value.replace(get_format('DECIMAL_SEPARATOR'), '.'))
		value = Decimal(value)
		except DecimalException:
		raise ValidationError(self.error_messages['invalid'])
		return value
		@@ -329,7 +326,7 @@ class DateField(Field):
		return value.date()
		if isinstance(value, datetime.date):
		return value
		for format in self.input_formats or get_format('DATE_INPUT_FORMATS'):
		for format in self.input_formats or formats.get_format('DATE_INPUT_FORMATS'):
		try:
		return datetime.date(*time.strptime(value, format)[:3])
		except ValueError:
		@@ -355,7 +352,7 @@ class TimeField(Field):
		return None
		if isinstance(value, datetime.time):
		return value
		for format in self.input_formats or get_format('TIME_INPUT_FORMATS'):
		for format in self.input_formats or formats.get_format('TIME_INPUT_FORMATS'):
		try:
		return datetime.time(*time.strptime(value, format)[3:6])
		except ValueError:
		@@ -389,7 +386,7 @@ class DateTimeField(Field):
		if len(value) != 2:
		raise ValidationError(self.error_messages['invalid'])
		value = '%s %s' % tuple(value)
		for format in self.input_formats or get_format('DATETIME_INPUT_FORMATS'):
		for format in self.input_formats or formats.get_format('DATETIME_INPUT_FORMATS'):
		try:
		return datetime.datetime(*time.strptime(value, format)[:6])
		except ValueError:

django/utils/formats.py

+19 −0

Original line number	Diff line number	Diff line
		@@ -109,3 +109,22 @@ def localize_input(value, default=None):
		format = smart_str(default or get_format('TIME_INPUT_FORMATS')[0])
		return value.strftime(format)
		return value

		def sanitize_separators(value):
		"""
		Sanitizes a value according to the current decimal and
		thousand separator setting. Used with form field input.
		"""
		if settings.USE_L10N:
		decimal_separator = get_format('DECIMAL_SEPARATOR')
		if isinstance(value, basestring):
		parts = []
		if decimal_separator in value:
		value, decimals = value.split(decimal_separator, 1)
		parts.append(decimals)
		if settings.USE_THOUSAND_SEPARATOR:
		parts.append(value.replace(get_format('THOUSAND_SEPARATOR'), ''))
		else:
		parts.append(value)
		value = '.'.join(reversed(parts))
		return value

tests/regressiontests/i18n/forms.py

+1 −0

Original line number	Diff line number	Diff line
		@@ -8,6 +8,7 @@ class I18nForm(forms.Form):
		date_field = forms.DateField()
		datetime_field = forms.DateTimeField()
		time_field = forms.TimeField()
		integer_field = forms.IntegerField()

		class SelectDateForm(forms.Form):
		date_field = forms.DateField(widget=SelectDateWidget)

tests/regressiontests/i18n/models.py

+1 −0

Original line number	Diff line number	Diff line
		@@ -9,6 +9,7 @@ class Company(models.Model):
		name = models.CharField(max_length=50)
		date_added = models.DateTimeField(default=datetime(1799,1,31,23,59,59,0))
		cents_payed = models.DecimalField(max_digits=4, decimal_places=2)
		products_delivered = models.IntegerField()

		__test__ = {'API_TESTS': '''
		>>> tm = TestModel()

tests/regressiontests/i18n/tests.py

+45 −21

Original line number	Diff line number	Diff line
		@@ -103,9 +103,9 @@ class TranslationTests(TestCase):
		class FormattingTests(TestCase):

		def setUp(self):
		self._use_i18n = settings.USE_I18N
		self._use_l10n = settings.USE_L10N
		self._use_thousand_separator = settings.USE_THOUSAND_SEPARATOR
		self.use_i18n = settings.USE_I18N
		self.use_l10n = settings.USE_L10N
		self.use_thousand_separator = settings.USE_THOUSAND_SEPARATOR
		self.n = decimal.Decimal('66666.666')
		self.f = 99999.999
		self.d = datetime.date(2009, 12, 31)
		@@ -121,9 +121,9 @@ class FormattingTests(TestCase):

		def tearDown(self):
		# Restore defaults
		settings.USE_I18N = self._use_i18n
		settings.USE_L10N = self._use_l10n
		settings.USE_THOUSAND_SEPARATOR = self._use_thousand_separator
		settings.USE_I18N = self.use_i18n
		settings.USE_L10N = self.use_l10n
		settings.USE_THOUSAND_SEPARATOR = self.use_thousand_separator

		def test_locale_independent(self):
		"""
		@@ -179,13 +179,15 @@ class FormattingTests(TestCase):
		'float_field': u'99999,999',
		'date_field': u'31/12/2009',
		'datetime_field': u'31/12/2009 20:50',
		'time_field': u'20:50'
		'time_field': u'20:50',
		'integer_field': u'1.234',
		})
		self.assertEqual(False, form.is_valid())
		self.assertEqual([u'Introdu\xefu un n\xfamero.'], form.errors['float_field'])
		self.assertEqual([u'Introdu\xefu un n\xfamero.'], form.errors['decimal_field'])
		self.assertEqual([u'Introdu\xefu una data v\xe0lida.'], form.errors['date_field'])
		self.assertEqual([u'Introdu\xefu una data/hora v\xe0lides.'], form.errors['datetime_field'])
		self.assertEqual([u'Introdu\xefu un n\xfamero sencer.'], form.errors['integer_field'])

		form2 = SelectDateForm({
		'date_field_month': u'12',
		@@ -231,6 +233,22 @@ class FormattingTests(TestCase):
		self.assertEqual(u'66.666,666', Template('{{ n }}').render(self.ctxt))
		self.assertEqual(u'99.999,999', Template('{{ f }}').render(self.ctxt))

		form3 = I18nForm({
		'decimal_field': u'66.666,666',
		'float_field': u'99.999,999',
		'date_field': u'31/12/2009',
		'datetime_field': u'31/12/2009 20:50',
		'time_field': u'20:50',
		'integer_field': u'1.234',
		})
		self.assertEqual(True, form3.is_valid())
		self.assertEqual(decimal.Decimal('66666.666'), form3.cleaned_data['decimal_field'])
		self.assertEqual(99999.999, form3.cleaned_data['float_field'])
		self.assertEqual(datetime.date(2009, 12, 31), form3.cleaned_data['date_field'])
		self.assertEqual(datetime.datetime(2009, 12, 31, 20, 50), form3.cleaned_data['datetime_field'])
		self.assertEqual(datetime.time(20, 50), form3.cleaned_data['time_field'])
		self.assertEqual(1234, form3.cleaned_data['integer_field'])

		settings.USE_THOUSAND_SEPARATOR = False
		self.assertEqual(u'66666,666', Template('{{ n }}').render(self.ctxt))
		self.assertEqual(u'99999,999', Template('{{ f }}').render(self.ctxt))
		@@ -242,27 +260,29 @@ class FormattingTests(TestCase):
		self.assertEqual(u'31/12/2009', Template('{{ d\|date:"SHORT_DATE_FORMAT" }}').render(self.ctxt))
		self.assertEqual(u'31/12/2009 20:50', Template('{{ dt\|date:"SHORT_DATETIME_FORMAT" }}').render(self.ctxt))

		form3 = I18nForm({
		form4 = I18nForm({
		'decimal_field': u'66666,666',
		'float_field': u'99999,999',
		'date_field': u'31/12/2009',
		'datetime_field': u'31/12/2009 20:50',
		'time_field': u'20:50'
		'time_field': u'20:50',
		'integer_field': u'1234',
		})
		self.assertEqual(True, form3.is_valid())
		self.assertEqual(decimal.Decimal('66666.666'), form3.cleaned_data['decimal_field'])
		self.assertEqual(99999.999, form3.cleaned_data['float_field'])
		self.assertEqual(datetime.date(2009, 12, 31), form3.cleaned_data['date_field'])
		self.assertEqual(datetime.datetime(2009, 12, 31, 20, 50), form3.cleaned_data['datetime_field'])
		self.assertEqual(datetime.time(20, 50), form3.cleaned_data['time_field'])
		self.assertEqual(True, form4.is_valid())
		self.assertEqual(decimal.Decimal('66666.666'), form4.cleaned_data['decimal_field'])
		self.assertEqual(99999.999, form4.cleaned_data['float_field'])
		self.assertEqual(datetime.date(2009, 12, 31), form4.cleaned_data['date_field'])
		self.assertEqual(datetime.datetime(2009, 12, 31, 20, 50), form4.cleaned_data['datetime_field'])
		self.assertEqual(datetime.time(20, 50), form4.cleaned_data['time_field'])
		self.assertEqual(1234, form4.cleaned_data['integer_field'])

		form4 = SelectDateForm({
		form5 = SelectDateForm({
		'date_field_month': u'12',
		'date_field_day': u'31',
		'date_field_year': u'2009'
		})
		self.assertEqual(True, form4.is_valid())
		self.assertEqual(datetime.date(2009, 12, 31), form4.cleaned_data['date_field'])
		self.assertEqual(True, form5.is_valid())
		self.assertEqual(datetime.date(2009, 12, 31), form5.cleaned_data['date_field'])
		self.assertEqual(
		u'<select name="mydate_day" id="id_mydate_day">\n<option value="1">1</option>\n<option value="2">2</option>\n<option value="3">3</option>\n<option value="4">4</option>\n<option value="5">5</option>\n<option value="6">6</option>\n<option value="7">7</option>\n<option value="8">8</option>\n<option value="9">9</option>\n<option value="10">10</option>\n<option value="11">11</option>\n<option value="12">12</option>\n<option value="13">13</option>\n<option value="14">14</option>\n<option value="15">15</option>\n<option value="16">16</option>\n<option value="17">17</option>\n<option value="18">18</option>\n<option value="19">19</option>\n<option value="20">20</option>\n<option value="21">21</option>\n<option value="22">22</option>\n<option value="23">23</option>\n<option value="24">24</option>\n<option value="25">25</option>\n<option value="26">26</option>\n<option value="27">27</option>\n<option value="28">28</option>\n<option value="29">29</option>\n<option value="30">30</option>\n<option value="31" selected="selected">31</option>\n</select>\n<select name="mydate_month" id="id_mydate_month">\n<option value="1">gener</option>\n<option value="2">febrer</option>\n<option value="3">mar\xe7</option>\n<option value="4">abril</option>\n<option value="5">maig</option>\n<option value="6">juny</option>\n<option value="7">juliol</option>\n<option value="8">agost</option>\n<option value="9">setembre</option>\n<option value="10">octubre</option>\n<option value="11">novembre</option>\n<option value="12" selected="selected">desembre</option>\n</select>\n<select name="mydate_year" id="id_mydate_year">\n<option value="2009" selected="selected">2009</option>\n<option value="2010">2010</option>\n<option value="2011">2011</option>\n<option value="2012">2012</option>\n<option value="2013">2013</option>\n<option value="2014">2014</option>\n<option value="2015">2015</option>\n<option value="2016">2016</option>\n<option value="2017">2017</option>\n<option value="2018">2018</option>\n</select>',
		SelectDateWidget(years=range(2009, 2019)).render('mydate', datetime.date(2009, 12, 31))
		@@ -312,7 +332,8 @@ class FormattingTests(TestCase):
		'float_field': u'99999.999',
		'date_field': u'12/31/2009',
		'datetime_field': u'12/31/2009 20:50',
		'time_field': u'20:50'
		'time_field': u'20:50',
		'integer_field': u'1234',
		})
		self.assertEqual(True, form5.is_valid())
		self.assertEqual(decimal.Decimal('66666.666'), form5.cleaned_data['decimal_field'])
		@@ -320,6 +341,7 @@ class FormattingTests(TestCase):
		self.assertEqual(datetime.date(2009, 12, 31), form5.cleaned_data['date_field'])
		self.assertEqual(datetime.datetime(2009, 12, 31, 20, 50), form5.cleaned_data['datetime_field'])
		self.assertEqual(datetime.time(20, 50), form5.cleaned_data['time_field'])
		self.assertEqual(1234, form5.cleaned_data['integer_field'])

		form6 = SelectDateForm({
		'date_field_month': u'12',
		@@ -364,15 +386,17 @@ class FormattingTests(TestCase):
		'name': u'acme',
		'date_added': datetime.datetime(2009, 12, 31, 6, 0, 0),
		'cents_payed': decimal.Decimal('59.47'),
		'products_delivered': 12000,
		})
		form6.save()
		self.assertEqual(True, form6.is_valid())
		self.assertEqual(
		form6.as_ul(),
		u'<li><label for="id_name">Name:</label> <input id="id_name" type="text" name="name" value="acme" maxlength="50" /></li>\n<li><label for="id_date_added">Date added:</label> <input type="text" name="date_added" value="31.12.2009 06:00:00" id="id_date_added" /></li>\n<li><label for="id_cents_payed">Cents payed:</label> <input type="text" name="cents_payed" value="59,47" id="id_cents_payed" /></li>'
		u'<li><label for="id_name">Name:</label> <input id="id_name" type="text" name="name" value="acme" maxlength="50" /></li>\n<li><label for="id_date_added">Date added:</label> <input type="text" name="date_added" value="31.12.2009 06:00:00" id="id_date_added" /></li>\n<li><label for="id_cents_payed">Cents payed:</label> <input type="text" name="cents_payed" value="59,47" id="id_cents_payed" /></li>\n<li><label for="id_products_delivered">Products delivered:</label> <input type="text" name="products_delivered" value="12000" id="id_products_delivered" /></li>'
		)
		self.assertEqual(localize_input(datetime.datetime(2009, 12, 31, 6, 0, 0)), '31.12.2009 06:00:00')
		self.assertEqual(datetime.datetime(2009, 12, 31, 6, 0, 0), form6.cleaned_data['date_added'])
		settings.USE_THOUSAND_SEPARATOR = True
		self.assert_(u'12.000' in form6.as_ul())
		finally:
		deactivate()