From 0d2a24fd4234d2c6551179b1ef4694229602ba90 Mon Sep 17 00:00:00 2001
From: Jannis Leidel <jannis@leidel.info>
Date: Mon, 1 Mar 2010 10:19:24 +0000
Subject: [PATCH] Fixed #12779 - Sanitize numeric form field input according to
 decimal and thousand separator settings.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@12625 bcc190cf-cafb-0310-a4f2-bffc1f526a37
---
 django/forms/fields.py               | 21 ++++-----
 django/utils/formats.py              | 19 ++++++++
 tests/regressiontests/i18n/forms.py  |  1 +
 tests/regressiontests/i18n/models.py |  1 +
 tests/regressiontests/i18n/tests.py  | 66 +++++++++++++++++++---------
 5 files changed, 75 insertions(+), 33 deletions(-)

diff --git a/django/forms/fields.py b/django/forms/fields.py
index 6d0fdea26e..b31fe805ae 100644
--- a/django/forms/fields.py
+++ b/django/forms/fields.py
@@ -17,9 +17,9 @@ except ImportError:
 from django.core.exceptions import ValidationError
 from django.core import validators
 import django.utils.copycompat as copy
+from django.utils import formats
 from django.utils.translation import ugettext_lazy as _
 from django.utils.encoding import smart_unicode, smart_str
-from django.utils.formats import get_format
 from django.utils.functional import lazy
 
 # Provide this import for backwards compatibility.
@@ -213,7 +213,7 @@ class IntegerField(Field):
         value = super(IntegerField, self).to_python(value)
         if value in validators.EMPTY_VALUES:
             return None
-
+        value = formats.sanitize_separators(value)
         try:
             value = int(str(value))
         except (ValueError, TypeError):
@@ -233,11 +233,9 @@ class FloatField(IntegerField):
         value = super(IntegerField, self).to_python(value)
         if value in validators.EMPTY_VALUES:
             return None
-
+        value = formats.sanitize_separators(value)
         try:
-            # We always accept dot as decimal separator
-            if isinstance(value, str) or isinstance(value, unicode):
-                value = float(value.replace(get_format('DECIMAL_SEPARATOR'), '.'))
+            value = float(value)
         except (ValueError, TypeError):
             raise ValidationError(self.error_messages['invalid'])
         return value
@@ -270,11 +268,10 @@ class DecimalField(Field):
         """
         if value in validators.EMPTY_VALUES:
             return None
+        value = formats.sanitize_separators(value)
         value = smart_str(value).strip()
         try:
-            # We always accept dot as decimal separator
-            if isinstance(value, str) or isinstance(value, unicode):
-                value = Decimal(value.replace(get_format('DECIMAL_SEPARATOR'), '.'))
+            value = Decimal(value)
         except DecimalException:
             raise ValidationError(self.error_messages['invalid'])
         return value
@@ -329,7 +326,7 @@ class DateField(Field):
             return value.date()
         if isinstance(value, datetime.date):
             return value
-        for format in self.input_formats or get_format('DATE_INPUT_FORMATS'):
+        for format in self.input_formats or formats.get_format('DATE_INPUT_FORMATS'):
             try:
                 return datetime.date(*time.strptime(value, format)[:3])
             except ValueError:
@@ -355,7 +352,7 @@ class TimeField(Field):
             return None
         if isinstance(value, datetime.time):
             return value
-        for format in self.input_formats or get_format('TIME_INPUT_FORMATS'):
+        for format in self.input_formats or formats.get_format('TIME_INPUT_FORMATS'):
             try:
                 return datetime.time(*time.strptime(value, format)[3:6])
             except ValueError:
@@ -389,7 +386,7 @@ class DateTimeField(Field):
             if len(value) != 2:
                 raise ValidationError(self.error_messages['invalid'])
             value = '%s %s' % tuple(value)
-        for format in self.input_formats or get_format('DATETIME_INPUT_FORMATS'):
+        for format in self.input_formats or formats.get_format('DATETIME_INPUT_FORMATS'):
             try:
                 return datetime.datetime(*time.strptime(value, format)[:6])
             except ValueError:
diff --git a/django/utils/formats.py b/django/utils/formats.py
index 88f744b96d..31027abd23 100644
--- a/django/utils/formats.py
+++ b/django/utils/formats.py
@@ -109,3 +109,22 @@ def localize_input(value, default=None):
         format = smart_str(default or get_format('TIME_INPUT_FORMATS')[0])
         return value.strftime(format)
     return value
+
+def sanitize_separators(value):
+    """
+    Sanitizes a value according to the current decimal and
+    thousand separator setting. Used with form field input.
+    """
+    if settings.USE_L10N:
+        decimal_separator = get_format('DECIMAL_SEPARATOR')
+        if isinstance(value, basestring):
+            parts = []
+            if decimal_separator in value:
+                value, decimals = value.split(decimal_separator, 1)
+                parts.append(decimals)
+            if settings.USE_THOUSAND_SEPARATOR:
+                parts.append(value.replace(get_format('THOUSAND_SEPARATOR'), ''))
+            else:
+                parts.append(value)
+            value = '.'.join(reversed(parts))
+    return value
diff --git a/tests/regressiontests/i18n/forms.py b/tests/regressiontests/i18n/forms.py
index 8df066c6fd..8ed834c9d0 100644
--- a/tests/regressiontests/i18n/forms.py
+++ b/tests/regressiontests/i18n/forms.py
@@ -8,6 +8,7 @@ class I18nForm(forms.Form):
     date_field = forms.DateField()
     datetime_field = forms.DateTimeField()
     time_field = forms.TimeField()
+    integer_field = forms.IntegerField()
 
 class SelectDateForm(forms.Form):
     date_field = forms.DateField(widget=SelectDateWidget)
diff --git a/tests/regressiontests/i18n/models.py b/tests/regressiontests/i18n/models.py
index 2ff5fc4bd1..8b142b36bc 100644
--- a/tests/regressiontests/i18n/models.py
+++ b/tests/regressiontests/i18n/models.py
@@ -9,6 +9,7 @@ class Company(models.Model):
     name = models.CharField(max_length=50)
     date_added = models.DateTimeField(default=datetime(1799,1,31,23,59,59,0))
     cents_payed = models.DecimalField(max_digits=4, decimal_places=2)
+    products_delivered = models.IntegerField()
 
 __test__ = {'API_TESTS': '''
 >>> tm = TestModel()
diff --git a/tests/regressiontests/i18n/tests.py b/tests/regressiontests/i18n/tests.py
index a4d0d90400..fba7877101 100644
--- a/tests/regressiontests/i18n/tests.py
+++ b/tests/regressiontests/i18n/tests.py
@@ -103,9 +103,9 @@ class TranslationTests(TestCase):
 class FormattingTests(TestCase):
 
     def setUp(self):
-        self._use_i18n = settings.USE_I18N
-        self._use_l10n = settings.USE_L10N
-        self._use_thousand_separator = settings.USE_THOUSAND_SEPARATOR
+        self.use_i18n = settings.USE_I18N
+        self.use_l10n = settings.USE_L10N
+        self.use_thousand_separator = settings.USE_THOUSAND_SEPARATOR
         self.n = decimal.Decimal('66666.666')
         self.f = 99999.999
         self.d = datetime.date(2009, 12, 31)
@@ -121,9 +121,9 @@ class FormattingTests(TestCase):
 
     def tearDown(self):
         # Restore defaults
-        settings.USE_I18N = self._use_i18n
-        settings.USE_L10N = self._use_l10n
-        settings.USE_THOUSAND_SEPARATOR = self._use_thousand_separator
+        settings.USE_I18N = self.use_i18n
+        settings.USE_L10N = self.use_l10n
+        settings.USE_THOUSAND_SEPARATOR = self.use_thousand_separator
 
     def test_locale_independent(self):
         """
@@ -179,13 +179,15 @@ class FormattingTests(TestCase):
                 'float_field': u'99999,999',
                 'date_field': u'31/12/2009',
                 'datetime_field': u'31/12/2009 20:50',
-                'time_field': u'20:50'
+                'time_field': u'20:50',
+                'integer_field': u'1.234',
             })
             self.assertEqual(False, form.is_valid())
             self.assertEqual([u'Introdu\xefu un n\xfamero.'], form.errors['float_field'])
             self.assertEqual([u'Introdu\xefu un n\xfamero.'], form.errors['decimal_field'])
             self.assertEqual([u'Introdu\xefu una data v\xe0lida.'], form.errors['date_field'])
             self.assertEqual([u'Introdu\xefu una data/hora v\xe0lides.'], form.errors['datetime_field'])
+            self.assertEqual([u'Introdu\xefu un n\xfamero sencer.'], form.errors['integer_field'])
 
             form2 = SelectDateForm({
                 'date_field_month': u'12',
@@ -231,6 +233,22 @@ class FormattingTests(TestCase):
             self.assertEqual(u'66.666,666', Template('{{ n }}').render(self.ctxt))
             self.assertEqual(u'99.999,999', Template('{{ f }}').render(self.ctxt))
 
+            form3 = I18nForm({
+                'decimal_field': u'66.666,666',
+                'float_field': u'99.999,999',
+                'date_field': u'31/12/2009',
+                'datetime_field': u'31/12/2009 20:50',
+                'time_field': u'20:50',
+                'integer_field': u'1.234',
+            })
+            self.assertEqual(True, form3.is_valid())
+            self.assertEqual(decimal.Decimal('66666.666'), form3.cleaned_data['decimal_field'])
+            self.assertEqual(99999.999, form3.cleaned_data['float_field'])
+            self.assertEqual(datetime.date(2009, 12, 31), form3.cleaned_data['date_field'])
+            self.assertEqual(datetime.datetime(2009, 12, 31, 20, 50), form3.cleaned_data['datetime_field'])
+            self.assertEqual(datetime.time(20, 50), form3.cleaned_data['time_field'])
+            self.assertEqual(1234, form3.cleaned_data['integer_field'])
+
             settings.USE_THOUSAND_SEPARATOR = False
             self.assertEqual(u'66666,666', Template('{{ n }}').render(self.ctxt))
             self.assertEqual(u'99999,999', Template('{{ f }}').render(self.ctxt))
@@ -242,27 +260,29 @@ class FormattingTests(TestCase):
             self.assertEqual(u'31/12/2009', Template('{{ d|date:"SHORT_DATE_FORMAT" }}').render(self.ctxt))
             self.assertEqual(u'31/12/2009 20:50', Template('{{ dt|date:"SHORT_DATETIME_FORMAT" }}').render(self.ctxt))
 
-            form3 = I18nForm({
+            form4 = I18nForm({
                 'decimal_field': u'66666,666',
                 'float_field': u'99999,999',
                 'date_field': u'31/12/2009',
                 'datetime_field': u'31/12/2009 20:50',
-                'time_field': u'20:50'
+                'time_field': u'20:50',
+                'integer_field': u'1234',
             })
-            self.assertEqual(True, form3.is_valid())
-            self.assertEqual(decimal.Decimal('66666.666'), form3.cleaned_data['decimal_field'])
-            self.assertEqual(99999.999, form3.cleaned_data['float_field'])
-            self.assertEqual(datetime.date(2009, 12, 31), form3.cleaned_data['date_field'])
-            self.assertEqual(datetime.datetime(2009, 12, 31, 20, 50), form3.cleaned_data['datetime_field'])
-            self.assertEqual(datetime.time(20, 50), form3.cleaned_data['time_field'])
+            self.assertEqual(True, form4.is_valid())
+            self.assertEqual(decimal.Decimal('66666.666'), form4.cleaned_data['decimal_field'])
+            self.assertEqual(99999.999, form4.cleaned_data['float_field'])
+            self.assertEqual(datetime.date(2009, 12, 31), form4.cleaned_data['date_field'])
+            self.assertEqual(datetime.datetime(2009, 12, 31, 20, 50), form4.cleaned_data['datetime_field'])
+            self.assertEqual(datetime.time(20, 50), form4.cleaned_data['time_field'])
+            self.assertEqual(1234, form4.cleaned_data['integer_field'])
 
-            form4 = SelectDateForm({
+            form5 = SelectDateForm({
                 'date_field_month': u'12',
                 'date_field_day': u'31',
                 'date_field_year': u'2009'
             })
-            self.assertEqual(True, form4.is_valid())
-            self.assertEqual(datetime.date(2009, 12, 31), form4.cleaned_data['date_field'])
+            self.assertEqual(True, form5.is_valid())
+            self.assertEqual(datetime.date(2009, 12, 31), form5.cleaned_data['date_field'])
             self.assertEqual(
                 u'<select name="mydate_day" id="id_mydate_day">\n<option value="1">1</option>\n<option value="2">2</option>\n<option value="3">3</option>\n<option value="4">4</option>\n<option value="5">5</option>\n<option value="6">6</option>\n<option value="7">7</option>\n<option value="8">8</option>\n<option value="9">9</option>\n<option value="10">10</option>\n<option value="11">11</option>\n<option value="12">12</option>\n<option value="13">13</option>\n<option value="14">14</option>\n<option value="15">15</option>\n<option value="16">16</option>\n<option value="17">17</option>\n<option value="18">18</option>\n<option value="19">19</option>\n<option value="20">20</option>\n<option value="21">21</option>\n<option value="22">22</option>\n<option value="23">23</option>\n<option value="24">24</option>\n<option value="25">25</option>\n<option value="26">26</option>\n<option value="27">27</option>\n<option value="28">28</option>\n<option value="29">29</option>\n<option value="30">30</option>\n<option value="31" selected="selected">31</option>\n</select>\n<select name="mydate_month" id="id_mydate_month">\n<option value="1">gener</option>\n<option value="2">febrer</option>\n<option value="3">mar\xe7</option>\n<option value="4">abril</option>\n<option value="5">maig</option>\n<option value="6">juny</option>\n<option value="7">juliol</option>\n<option value="8">agost</option>\n<option value="9">setembre</option>\n<option value="10">octubre</option>\n<option value="11">novembre</option>\n<option value="12" selected="selected">desembre</option>\n</select>\n<select name="mydate_year" id="id_mydate_year">\n<option value="2009" selected="selected">2009</option>\n<option value="2010">2010</option>\n<option value="2011">2011</option>\n<option value="2012">2012</option>\n<option value="2013">2013</option>\n<option value="2014">2014</option>\n<option value="2015">2015</option>\n<option value="2016">2016</option>\n<option value="2017">2017</option>\n<option value="2018">2018</option>\n</select>',
                 SelectDateWidget(years=range(2009, 2019)).render('mydate', datetime.date(2009, 12, 31))
@@ -312,7 +332,8 @@ class FormattingTests(TestCase):
                 'float_field': u'99999.999',
                 'date_field': u'12/31/2009',
                 'datetime_field': u'12/31/2009 20:50',
-                'time_field': u'20:50'
+                'time_field': u'20:50',
+                'integer_field': u'1234',
             })
             self.assertEqual(True, form5.is_valid())
             self.assertEqual(decimal.Decimal('66666.666'), form5.cleaned_data['decimal_field'])
@@ -320,6 +341,7 @@ class FormattingTests(TestCase):
             self.assertEqual(datetime.date(2009, 12, 31), form5.cleaned_data['date_field'])
             self.assertEqual(datetime.datetime(2009, 12, 31, 20, 50), form5.cleaned_data['datetime_field'])
             self.assertEqual(datetime.time(20, 50), form5.cleaned_data['time_field'])
+            self.assertEqual(1234, form5.cleaned_data['integer_field'])
 
             form6 = SelectDateForm({
                 'date_field_month': u'12',
@@ -364,15 +386,17 @@ class FormattingTests(TestCase):
                 'name': u'acme',
                 'date_added': datetime.datetime(2009, 12, 31, 6, 0, 0),
                 'cents_payed': decimal.Decimal('59.47'),
+                'products_delivered': 12000,
             })
-            form6.save()
             self.assertEqual(True, form6.is_valid())
             self.assertEqual(
                 form6.as_ul(),
-                u'<li><label for="id_name">Name:</label> <input id="id_name" type="text" name="name" value="acme" maxlength="50" /></li>\n<li><label for="id_date_added">Date added:</label> <input type="text" name="date_added" value="31.12.2009 06:00:00" id="id_date_added" /></li>\n<li><label for="id_cents_payed">Cents payed:</label> <input type="text" name="cents_payed" value="59,47" id="id_cents_payed" /></li>'
+                u'<li><label for="id_name">Name:</label> <input id="id_name" type="text" name="name" value="acme" maxlength="50" /></li>\n<li><label for="id_date_added">Date added:</label> <input type="text" name="date_added" value="31.12.2009 06:00:00" id="id_date_added" /></li>\n<li><label for="id_cents_payed">Cents payed:</label> <input type="text" name="cents_payed" value="59,47" id="id_cents_payed" /></li>\n<li><label for="id_products_delivered">Products delivered:</label> <input type="text" name="products_delivered" value="12000" id="id_products_delivered" /></li>'
             )
             self.assertEqual(localize_input(datetime.datetime(2009, 12, 31, 6, 0, 0)), '31.12.2009 06:00:00')
             self.assertEqual(datetime.datetime(2009, 12, 31, 6, 0, 0), form6.cleaned_data['date_added'])
+            settings.USE_THOUSAND_SEPARATOR = True
+            self.assert_(u'12.000' in form6.as_ul())
         finally:
             deactivate()