flask-rest-jsonapi icon indicating copy to clipboard operation
flask-rest-jsonapi copied to clipboard

Published 20 hours ago verified publisher icon miLibris

MAX_INCLUDE_DEPTH include parsing for querystring is wrong

Open iamareebjamal opened this issue 6 years ago • 0 comments
trafficstars

Let's take a look at this code

https://github.com/miLibris/flask-rest-jsonapi/blob/b44bc08b11213d49fadae873650d3555889052ec/flask_rest_jsonapi/querystring.py#L193-L201

https://github.com/miLibris/flask-rest-jsonapi/blob/b44bc08b11213d49fadae873650d3555889052ec/flask_rest_jsonapi/querystring.py#L193

This expects self.querystring['include'] to be a list, whereas we know that it is a string by looking at last line

https://github.com/miLibris/flask-rest-jsonapi/blob/b44bc08b11213d49fadae873650d3555889052ec/flask_rest_jsonapi/querystring.py#L201

Hence, this block of code is wrong.

https://github.com/miLibris/flask-rest-jsonapi/blob/b44bc08b11213d49fadae873650d3555889052ec/flask_rest_jsonapi/querystring.py#L195-L199

If MAX_INCLUDE_DEPTH is not None and querystring is not empty, it'll loop through the individual characters of the querystring and not different parts of include string separated by commas

iamareebjamal avatar Oct 03 '19 07:10 iamareebjamal