Hopiu/django-axes
1
0
Fork 0
mirror of https://github.com/jazzband/django-axes.git synced 2026-05-10 00:24:48 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge pull request #75 from peterkuma/postdatafix-pr

Browse source 
Limit amount of POST data logged (#73)
This commit is contained in:
Camilo Nova 2014-09-17 15:55:48 -05:00
commit 4d9d240552
1 changed files with 5 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
axes/decorators.py
View file

@ -146,20 +146,20 @@ def get_lockout_url():
return getattr(settings, 'AXES_LOCKOUT_URL', None)
def query2str(items):
def query2str(items, max_length=1024):
"""Turns a dictionary into an easy-to-read list of key-value pairs.
If there's a field called "password" it will be excluded from the output.
The length of the output is limited to max_length to avoid a DoS attack.
"""
# Limit the length of the value to avoid a DoS attack
value_maxlimit = 256
kvs = []
for k, v in items:
if k != 'password':
kvs.append(six.u('%s=%s') % (k, v[:256]))
kvs.append(six.u('%s=%s') % (k, v))
return '\n'.join(kvs)
return '\n'.join(kvs)[:max_length]
def ip_in_whitelist(ip):