From bd984f9fd27d65fdfa59b6945a05b0636d620d95 Mon Sep 17 00:00:00 2001
From: Tomasz Wysocki
Date: Thu, 3 Apr 2014 11:12:39 +0200
Subject: [PATCH] Fix url regexp.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

\d allows numbers from other digit systems, so urls like: http://demo.getpinry.com/резрен/ are possible. This could lead to some nasty security issues in the future (ie. if you try to use pin number without using `int(...)`).
---
 pinry/core/urls.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pinry/core/urls.py b/pinry/core/urls.py
index 1cc9f7a..0cd33f6 100644
--- a/pinry/core/urls.py
+++ b/pinry/core/urls.py
@@ -30,7 +30,7 @@ urlpatterns = patterns('',
 name='tag-pins'),
 url(r'^pins/user/(?P(\w|-)+)/$', TemplateView.as_view(template_name='core/pins.html'),
 name='user-pins'),
- url(r'^(?P\d+)/$', TemplateView.as_view(template_name='core/pins.html'),
+ url(r'^(?P[0-9]+)/$', TemplateView.as_view(template_name='core/pins.html'),
 name='recent-pins'),
 url(r'^$', TemplateView.as_view(template_name='core/pins.html'),
 name='recent-pins'),
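Review bot: The `user-pins` pattern two lines above the changed line still uses `(\w|-)+`, and `\w` has the same property this commit removes for `\d`: under Unicode-aware matching it accepts letters and digits from other scripts. If usernames are meant to be ASCII-only, the class could be written `[A-Za-z0-9_-]+`; if non-ASCII names are intended, a short comment saying so would keep the two patterns from looking inconsistent. The new line would also benefit from a comment such as `# [0-9] rather than \d: \d also matches non-ASCII digits`, so the class is not simplified back later. The `patterns(...)` call starts and ends outside this hunk, so other routes in the file may need the same check.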