diff --git a/django/contrib/admin/views/main.py b/django/contrib/admin/views/main.py index c4970af53c..b450e89459 100644 --- a/django/contrib/admin/views/main.py +++ b/django/contrib/admin/views/main.py @@ -99,14 +99,7 @@ class ChangeList(object): def get_results(self, request): paginator = Paginator(self.query_set, self.list_per_page) # Get the number of objects, with admin filters applied. - try: - result_count = paginator.count - # Naked except! Because we don't have any other way of validating - # "params". They might be invalid if the keyword arguments are - # incorrect, or if the values are not in the correct type (which would - # result in a database error). - except: - raise IncorrectLookupParameters + result_count = paginator.count # Get the total number of objects, with no admin filters applied. # Perform a slight optimization: Check to see whether any filters were @@ -192,7 +185,15 @@ class ChangeList(object): lookup_params[key] = value.split(',') # Apply lookup parameters from the query string. - qs = qs.filter(**lookup_params) + try: + qs = qs.filter(**lookup_params) + # Naked except! Because we don't have any other way of validating "params". + # They might be invalid if the keyword arguments are incorrect, or if the + # values are not in the correct type, so we might get FieldError, ValueError, + # ValicationError, or ? from a custom field that raises yet something else + # when handed impossible data. + except: + raise IncorrectLookupParameters # Use select_related() if one of the list_display options is a field # with a relationship. diff --git a/tests/regressiontests/admin_views/tests.py b/tests/regressiontests/admin_views/tests.py index bc9d1d49ae..f335c093de 100644 --- a/tests/regressiontests/admin_views/tests.py +++ b/tests/regressiontests/admin_views/tests.py @@ -160,7 +160,14 @@ class AdminViewBasicTest(TestCase): 'Blue' in response.content, "Changelist filter not correctly limited by limit_choices_to." ) - + + def testIncorrectLookupParameters(self): + """Ensure incorrect lookup parameters are handled gracefully.""" + response = self.client.get('/test_admin/admin/admin_views/thing/', {'notarealfield': '5'}) + self.assertRedirects(response, '/test_admin/admin/admin_views/thing/?e=1') + response = self.client.get('/test_admin/admin/admin_views/thing/', {'color__id__exact': 'StringNotInteger!'}) + self.assertRedirects(response, '/test_admin/admin/admin_views/thing/?e=1') + def get_perm(Model, perm): """Return the permission object, for the Model""" ct = ContentType.objects.get_for_model(Model)