Commit c3b036b7 authored by BAIRE Anthony's avatar BAIRE Anthony

make the regex pattern non-fuzzy

(because this endpoint is security-related)
parent 7156eb58
......@@ -1506,7 +1506,7 @@ def auth(request):
return HttpResponse(status=401)
# find the relevant job
mo = re.search(r'/datastore/(\d+)/', request.META['HTTP_X_ORIGINAL_URI'])
mo = re.match(r'(?:/api/v1)?/datastore/(\d+)/', request.META['HTTP_X_ORIGINAL_URI'])
if mo:
job = Job.objects.filter(id=int(mo.group(1))).first()
if job is not None and job.user == user:
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment