From d01cb26c4a057297087c4fde0cb75983acf89bcf Mon Sep 17 00:00:00 2001
From: vabene1111
Date: Thu, 3 Feb 2022 15:46:59 +0100
Subject: [PATCH] length filter for add to old shopping list
---
 cookbook/views/views.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/cookbook/views/views.py b/cookbook/views/views.py
index 088d18bbf..ad69bbdf8 100644
--- a/cookbook/views/views.py
+++ b/cookbook/views/views.py
@@ -260,7 +260,7 @@ def shopping_list(request, pk=None): # TODO deprecate
 recipes = []
 for r in html_list:
 r = r.replace('[', '').replace(']', '')
- if re.match(r'^([0-9])+,([0-9])+[.]*([0-9])*$', r): # vulnerable to DoS
+ if len(r) < 10000 and re.match(r'^([0-9])+,([0-9])+[.]*([0-9])*$', r):
 rid, multiplier = r.split(',')
 if recipe := Recipe.objects.filter(pk=int(rid), space=request.space).first():
 recipes.append({'recipe': recipe.id, 'multiplier': multiplier})
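Review bot: The `len(r) < 10000` guard on the added `if` line caps the regex's backtracking cost but does not remove it. Because `[.]*` can match nothing, the digits after the comma can be split between `([0-9])+` and `([0-9])*` in many ways, so a non-matching element just under the cap still costs time quadratic in its length, and the check runs once per element of `html_list`, whose size the hunk does not bound. A real `id,multiplier` pair is a few dozen characters at most, so I would tighten the bound and make the pattern unambiguous, for example `if len(r) < 64 and re.match(r'^[0-9]+,[0-9]+(?:[.][0-9]+)?$', r):`. The 64 is an illustrative value, and the stricter pattern would reject strings such as `1,2.` or `1,2..5` that the current one accepts, so confirm no caller relies on those. A digit run of several thousand characters also still reaches `int(rid)`, where newer Python versions raise `ValueError` on very long digit strings, which the tighter bound would avoid as well. The body of `shopping_list` starts and ends outside this hunk, so how `html_list` is built is not visible here.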