Hey why don't you use django v4 for your projects? On Fri, 20 May, 2022, 08:43 Mike Dewhirst, <mi...@dewhirst.com.au> wrote:
> My billing (Stripe) mechanism is working right up until Django 3.2.9 - > which is where I'm stumped at the moment. > > Django 3.2.10 https://docs.djangoproject.com/en/3.2/releases/3.2.10/ > indicate a URL with a trailing newline can bypass > upstream access control based on URL paths. > > Sadly, I am not aware of any such upstream access control. > > I have tried to repair it with fixid() within change_view() where > object_id occurs but that doesn't achieve anything. > > def fixid(txt): > try: > return str(txt).split("/")[0] > except ValueError: > pass > return txt > > How can I fix the following error and move forward to 3.2.13? > > Many thanks > > Mike > - - - - - - - - > > Exception Type: ValueError at > /admin/chemical/chemical/29/change/payment/change/ > Exception Value: Field 'id' expected a number but got '29/change/payment'. > > Environment: > > Request Method: GET > Request URL: > http://localhost:8088/admin/chemical/chemical/29/change/payment/change/ > > Django Version: 3.2.13 > Python Version: 3.8.3 > Installed Applications: > ['filebrowser', > 'django.contrib.auth', > 'django.contrib.contenttypes', > 'django.contrib.sessions', > 'django.contrib.messages', > 'django.contrib.admin', > 'django.contrib.admindocs', > 'django.contrib.staticfiles', > 'django.contrib.sites', > 'django.contrib.sitemaps', > 'tinymce', > 'billing', > 'chemical', > 'common', > 'company', > 'credit', > 'refer', > 'report'] > Installed Middleware: > ['django.middleware.security.SecurityMiddleware', > 'django.middleware.cache.UpdateCacheMiddleware', > 'django.contrib.sessions.middleware.SessionMiddleware', > 'django.middleware.locale.LocaleMiddleware', > 'django.middleware.common.CommonMiddleware', > 'django.middleware.csrf.CsrfViewMiddleware', > 'django.contrib.auth.middleware.AuthenticationMiddleware', > 'django.contrib.messages.middleware.MessageMiddleware', > 'django.contrib.admindocs.middleware.XViewMiddleware', > 'django.middleware.clickjacking.XFrameOptionsMiddleware', > 'pwned_passwords_django.middleware.PwnedPasswordsMiddleware', > 'django.middleware.cache.FetchFromCacheMiddleware'] > > > > Traceback (most recent call last): > File > "D:\Users\mike\envs\xxai\lib\site-packages\django\db\models\fields\__init__.py", > > line 1823, in get_prep_value > return int(value) > > The above exception (invalid literal for int() with base 10: > '29/change/payment') was the direct cause of the following exception: > File > "D:\Users\mike\envs\xxai\lib\site-packages\django\core\handlers\exception.py", > > line 47, in inner > response = get_response(request) > File > "D:\Users\mike\envs\xxai\lib\site-packages\django\core\handlers\base.py", > line 181, in _get_response > response = wrapped_callback(request, *callback_args, > **callback_kwargs) > File > "D:\Users\mike\envs\xxai\lib\site-packages\django\contrib\admin\options.py", > > line 616, in wrapper > return self.admin_site.admin_view(view)(*args, **kwargs) > File > "D:\Users\mike\envs\xxai\lib\site-packages\django\utils\decorators.py", > line 130, in _wrapped_view > response = view_func(request, *args, **kwargs) > File > "D:\Users\mike\envs\xxai\lib\site-packages\django\views\decorators\cache.py", > > line 44, in _wrapped_view_func > response = view_func(request, *args, **kwargs) > File > "D:\Users\mike\envs\xxai\lib\site-packages\django\contrib\admin\sites.py", > line 232, in inner > return view(request, *args, **kwargs) > File "D:\Users\mike\envs\xxai\aicis\chemical\admin.py", line 268, in > change_view > chemical = Chemical.objects.get(id=object_id) > File > "D:\Users\mike\envs\xxai\lib\site-packages\django\db\models\manager.py", > line 85, in manager_method > return getattr(self.get_queryset(), name)(*args, **kwargs) > File > "D:\Users\mike\envs\xxai\lib\site-packages\django\db\models\query.py", > line 424, in get > clone = self._chain() if self.query.combinator else > self.filter(*args, **kwargs) > File > "D:\Users\mike\envs\xxai\lib\site-packages\django\db\models\query.py", > line 941, in filter > return self._filter_or_exclude(False, args, kwargs) > File > "D:\Users\mike\envs\xxai\lib\site-packages\django\db\models\query.py", > line 961, in _filter_or_exclude > clone._filter_or_exclude_inplace(negate, args, kwargs) > File > "D:\Users\mike\envs\xxai\lib\site-packages\django\db\models\query.py", > line 968, in _filter_or_exclude_inplace > self._query.add_q(Q(*args, **kwargs)) > File > "D:\Users\mike\envs\xxai\lib\site-packages\django\db\models\sql\query.py", > line 1416, in add_q > clause, _ = self._add_q(q_object, self.used_aliases) > File > "D:\Users\mike\envs\xxai\lib\site-packages\django\db\models\sql\query.py", > line 1435, in _add_q > child_clause, needed_inner = self.build_filter( > File > "D:\Users\mike\envs\xxai\lib\site-packages\django\db\models\sql\query.py", > line 1370, in build_filter > condition = self.build_lookup(lookups, col, value) > File > "D:\Users\mike\envs\xxai\lib\site-packages\django\db\models\sql\query.py", > line 1216, in build_lookup > lookup = lookup_class(lhs, rhs) > File > "D:\Users\mike\envs\xxai\lib\site-packages\django\db\models\lookups.py", > line 25, in __init__ > self.rhs = self.get_prep_lookup() > File > "D:\Users\mike\envs\xxai\lib\site-packages\django\db\models\lookups.py", > line 77, in get_prep_lookup > return self.lhs.output_field.get_prep_value(self.rhs) > File > "D:\Users\mike\envs\xxai\lib\site-packages\django\db\models\fields\__init__.py", > > line 1825, in get_prep_value > raise e.__class__( > > Exception Type: ValueError at > /admin/chemical/chemical/29/change/payment/change/ > Exception Value: Field 'id' expected a number but got '29/change/payment'. > > > > -- > Signed email is an absolute defence against phishing. This email has > been signed with my private key. If you import my public key you can > automatically decrypt my signature and be sure it came from me. Just > ask and I'll send it to you. Your email software can handle signing. > > -- > You received this message because you are subscribed to the Google Groups > "Django users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to django-users+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/django-users/743baac5-d14d-ba69-d7db-6b0c28f23e05%40dewhirst.com.au > . > -- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CAF7qQgCM%2BfqC0-JhMMtZjnCzdxWz4xfHfyNCmBvxZgvcxAUFBA%40mail.gmail.com.
