test shoppingFood API

2026-01-10 16:47:59 -05:00 · 2021-12-15 07:24:12 -06:00
parent ea7d34c8d2
commit e7e3a3083d
5 changed files with 123 additions and 22 deletions
--- a/cookbook/views/views.py
+++ b/cookbook/views/views.py
@@ -254,13 +254,13 @@ def latest_shopping_list(request):


@group_required('user')
-def shopping_list(request, pk=None):
+def shopping_list(request, pk=None):  # TODO deprecate
    html_list = request.GET.getlist('r')

    recipes = []
    for r in html_list:
        r = r.replace('[', '').replace(']', '')
-        if re.match(r'^([0-9])+,([0-9])+[.]*([0-9])*$', r):
+        if re.match(r'^([0-9])+,([0-9])+[.]*([0-9])*$', r):  # vulnerable to DoS
            rid, multiplier = r.split(',')
            if recipe := Recipe.objects.filter(pk=int(rid), space=request.space).first():
                recipes.append({'recipe': recipe.id, 'multiplier': multiplier})