reject sqids with many numbers (#9)

julianwachholz · Nov 12, 2024 · a8aa1d4 · a8aa1d4
1 parent 1360ba3
commit a8aa1d4
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 0 deletions.
diff --git a/django_sqids/field.py b/django_sqids/field.py
@@ -106,6 +106,8 @@ def get_prep_value(self, value):
         decoded_values = self.sqids_instance.decode(value)
         if not decoded_values:
             return None
+        if len(decoded_values) > 1:
+            return None
         return decoded_values[0]
 
     def from_db_value(self, value, expression, connection, *args):

diff --git a/tests/test_django_sqids.py b/tests/test_django_sqids.py
@@ -529,3 +529,13 @@ def test_url_manually_with_prefix(client):
     assert response.status_code == 200
     assert response.context["object"] == instance
 
+def test_sqid_with_many_numbers():
+    from tests.test_app.models import TestModelWithDifferentConfig
+    instance = TestModelWithDifferentConfig.objects.create()
+    sqids_instance = TestModelWithDifferentConfig.sqid.get_sqid_instance()
+    sqid_single_number = sqids_instance.encode([instance.pk])
+    sqid_two_numbers = sqids_instance.encode([instance.pk, 42])
+
+    assert TestModelWithDifferentConfig.objects.get(sqid=sqid_single_number) == instance
+    with pytest.raises(TestModelWithDifferentConfig.DoesNotExist):
+        TestModelWithDifferentConfig.objects.get(sqid=sqid_two_numbers)