Skip to content

Fixed #36267 -- Fixed contenttypes shortcut() view crash with an invalid object_id for a UUIDField pk. #19296

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Apr 2, 2025
Merged

Fixed #36267 -- Fixed contenttypes shortcut() view crash with an invalid object_id for a UUIDField pk. #19296

merged 1 commit into from
Apr 2, 2025

Conversation

@AhmedNassar7
Copy link
Contributor

@AhmedNassar7 AhmedNassar7 commented Mar 21, 2025

Trac ticket number

ticket-36267

Branch description

Addressed an issue in content_type.views.shortcut, where passing an invalid UUID to the view results in an unhandled ValidationError. This occurs when attempting to access the "View on Site" button in the Django admin panel with an incorrect UUID format.

Checklist

  • This PR targets the main branch.
  • The commit message is written in past tense, mentions the ticket number, and ends with a period.
  • I have checked the "Has patch" ticket flag in the Trac system.
  • I have added or updated relevant tests.
  • I have added or updated relevant docs, including release notes if applicable.
  • I have attached screenshots in both light and dark modes for any UI changes.

cliffordgama
cliffordgama reviewed Mar 22, 2025
View reviewed changes
Copy link
Member

@cliffordgama cliffordgama left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you @AhmedNassar7 for picking this up. I left some suggestions

django/contrib/contenttypes/views.py Outdated
Comment on lines 27 to 42
Copy link
Member

@cliffordgama cliffordgama Mar 22, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think we want to special case UUIDField in this way here. Such validation is delegated to the ORM and is not at issue here.

Copy link
Member

@cliffordgama cliffordgama Mar 22, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Rather, we want to catch the uncaught ValidationError in the same way we are catching ValueError and ObjectDoesNotExist and return a 404

django/contrib/contenttypes/views.py Outdated
Comment on lines 70 to 75
Copy link
Member

@cliffordgama cliffordgama Mar 22, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Don't catch bare Exception

timgraham
timgraham reviewed Mar 23, 2025
View reviewed changes
@AhmedNassar7 AhmedNassar7 requested a review from timgraham March 31, 2025 19:02
cliffordgama
cliffordgama reviewed Mar 31, 2025
View reviewed changes
Copy link
Member

@cliffordgama cliffordgama left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the updates!

django/contrib/contenttypes/views.py Outdated
Comment on lines 21 to 28
Copy link
Member

@cliffordgama cliffordgama Mar 31, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
try:
obj = content_type.get_object_for_this_type(pk=object_id)
except (ObjectDoesNotExist, ValueError, ValidationError):
raise Http404(
_("Content type %(ct_id)s object %(obj_id)s doesn't exist")
% {"ct_id": content_type_id, "obj_id": object_id}
)
except ContentType.DoesNotExist:
obj = content_type.get_object_for_this_type(pk=object_id)
except (ObjectDoesNotExist, ValueError, ValidationError):

the try block we already have should do 👍🏾

django/contrib/contenttypes/views.py Outdated
Copy link
Member

@cliffordgama cliffordgama Mar 31, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
_("Content type %(ct_id)s doesn’t exist") % {"ct_id": content_type_id}
_("Content type %(ct_id)s object %(obj_id)s doesn’t exist")
% {"ct_id": content_type_id, "obj_id": object_id}

cliffordgama
cliffordgama approved these changes Apr 1, 2025
View reviewed changes
Copy link
Member

@cliffordgama cliffordgama left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks good to me. Thank you!

@sarahboyce sarahboyce changed the title Fixed #36267 -- Handled invalid UUIDs in content_type.views.shortcut Fixed #36267 -- Fixed contenttypes shortcut() view crash with an invalid object_id for a UUIDField pk. Apr 1, 2025
sarahboyce
sarahboyce approved these changes Apr 1, 2025
View reviewed changes
Copy link
Contributor

@sarahboyce sarahboyce left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you!

timgraham
timgraham reviewed Apr 1, 2025
View reviewed changes
@sarahboyce sarahboyce merged commit 00c68f0 into django:main Apr 2, 2025
30 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@timgraham timgraham timgraham left review comments

@sarahboyce sarahboyce sarahboyce approved these changes

+1 more reviewer

@cliffordgama cliffordgama cliffordgama approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@AhmedNassar7 @timgraham @sarahboyce @cliffordgama