[4.2.x] Fixed CVE-2024-24680 -- Mitigated potential DoS in intcomma template filter.

Thanks Seokchan Yoon for the report. Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com> Co-authored-by: Natalia <124304+nessita@users.noreply.github.com> Co-authored-by: Shai Berger <shai@platonix.com>
author: Adam Johnson <me@adamj.eu> 2024-01-22 13:21:13 +0000
committer: Natalia <124304+nessita@users.noreply.github.com> 2024-02-06 09:56:20 -0300
commit: 572ea07e84b38ea8de0551f4b4eda685d91d09d2 (patch)
tree: b1af886bda265a2c297e1a800f5ff675179f7237 /django
parent: 9fe7411235b7fb133eed5093fee714c4c7db4c98 (diff)
1 files changed, 7 insertions, 6 deletions
diff --git a/django/contrib/humanize/templatetags/humanize.py b/django/contrib/humanize/templatetags/humanize.py
index 23224779c5..2c26f8944a 100644
--- a/django/contrib/humanize/templatetags/humanize.py
+++ b/django/contrib/humanize/templatetags/humanize.py
@@ -75,12 +75,13 @@ def intcomma(value, use_l10n=True):
             return intcomma(value, False)
         else:
             return number_format(value, use_l10n=True, force_grouping=True)
-    orig = str(value)
-    new = re.sub(r"^(-?\d+)(\d{3})", r"\g<1>,\g<2>", orig)
-    if orig == new:
-        return new
-    else:
-        return intcomma(new, use_l10n)
+    result = str(value)
+    match = re.match(r"-?\d+", result)
+    if match:
+        prefix = match[0]
+        prefix_with_commas = re.sub(r"\d{3}", r"\g<0>,", prefix[::-1])[::-1]
+        result = prefix_with_commas + result[len(prefix) :]
+    return result
 
 
 # A tuple of standard large number to their converters
author	Adam Johnson <me@adamj.eu>	2024-01-22 13:21:13 +0000
committer	Natalia <124304+nessita@users.noreply.github.com>	2024-02-06 09:56:20 -0300
commit	572ea07e84b38ea8de0551f4b4eda685d91d09d2 (patch)
tree	b1af886bda265a2c297e1a800f5ff675179f7237 /django
parent	9fe7411235b7fb133eed5093fee714c4c7db4c98 (diff)