Limit the length of the values logged into the database. Refs #73

2026-03-16 22:30:23 +00:00 · 2014-05-10 12:38:04 -05:00 · 2014-05-10 12:38:04 -05:00 · 4daba3daa3
commit 4daba3daa3
parent 22a7d7e160
1 changed files with 3 additions and 1 deletions
--- a/axes/decorators.py
+++ b/axes/decorators.py
@ -85,11 +85,13 @@ def query2str(items):

    If there's a field called "password" it will be excluded from the output.
    """
+    # Limit the length of the value to avoid a DoS attack
+    value_maxlimit = 256

    kvs = []
    for k, v in items:
        if k != 'password':
-            kvs.append(six.u('%s=%s') % (k, v))
+            kvs.append(six.u('%s=%s') % (k, v[:256]))

    return '\n'.join(kvs)