From 7740c2cbc73b8730677daa42434bb282a1130493 Mon Sep 17 00:00:00 2001
From: Changaco <changaco@changaco.oy.lc>
Date: Thu, 21 Sep 2023 14:51:59 +0200
Subject: [PATCH] further restrict the range of `weeks_early`

---
 www/%username/giving/pay/%payment_id.spt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/www/%username/giving/pay/%payment_id.spt b/www/%username/giving/pay/%payment_id.spt
index 1c44d1c1c..57212f539 100644
--- a/www/%username/giving/pay/%payment_id.spt
+++ b/www/%username/giving/pay/%payment_id.spt
@@ -50,7 +50,7 @@ elif payin_id:
         raise response.error(404, "unknown payin ID in URL path")
     response.redirect(payer.path('giving/pay/stripe/%i' % payin.id))
 
-weeks_early = request.qs.get_int('weeks_early', default=3)
+weeks_early = request.qs.get_int('weeks_early', default=3, minimum=1, maximum=520)
 donation_groups, n_fundable = payer.get_tips_awaiting_payment(weeks_early)
 donations_not_fundable = (
     donation_groups['no_provider'] +