From ad6114a462fcd7d3c4f5813987654c228569b459 Mon Sep 17 00:00:00 2001
From: shaeespring
Date: Sat, 18 Oct 2025 09:58:17 -0400
Subject: [PATCH 1/2] disallow non-digit characters in phone numbers
---
 fcwebapp/__init__.py | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/fcwebapp/__init__.py b/fcwebapp/__init__.py
index 27ce81a..3c107c5 100644
--- a/fcwebapp/__init__.py
+++ b/fcwebapp/__init__.py
@@ -1,4 +1,5 @@
 import os
+import re
 import uuid
 from datetime import datetime
 
@@ -133,9 +134,12 @@ def profile_edit(user: UserInfo):
 for k, v in request.form.items():
 print(k, v)
 match k:
- case 'phone_number':
- num = v.strip().replace(' ', '').replace('-', '').replace('_', '')
- user.phone_number = num
+ case "phone_number":
+ num = re.sub("\\D", "", v)
+ if len(num) < 10:
+ return redirect('/profile',code=302)
+ else:
+ user.phone_number = num
 case 'allergy':
 user.allergy = v
 case 'diet':
From a323830517a42816ad0d22c037461dcd9714da10 Mon Sep 17 00:00:00 2001
From: shaeespring
Date: Sat, 18 Oct 2025 10:14:21 -0400
Subject: [PATCH 2/2] adding max/min digit length
---
 fcwebapp/__init__.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/fcwebapp/__init__.py b/fcwebapp/__init__.py
index 3c107c5..b590808 100644
--- a/fcwebapp/__init__.py
+++ b/fcwebapp/__init__.py
@@ -136,7 +136,8 @@ def profile_edit(user: UserInfo):
 match k:
 case "phone_number":
 num = re.sub("\\D", "", v)
- if len(num) < 10:
+ # shortest phone number 9 (Sweden) longest phone number 15 (E.164)
+ if len(num) < 9 or len(num) > 15:
 return redirect('/profile',code=302)
 else:
 user.phone_number = num
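Review bot: `re.sub("\\D", "", v)` keeps more than ASCII digits, because on a `str` pattern `\D` is Unicode-aware: decimal digits from other scripts (Arabic-Indic, full-width forms and so on) survive the filter and count towards the length check. If the stored value is meant to be `0-9` only, use `num = re.sub(r"[^0-9]", "", v)` or pass `flags=re.ASCII`; the raw string also removes the doubled backslash. Separately, `return redirect('/profile',code=302)` sits inside the `for k, v in request.form.items()` loop, so fields handled before `phone_number` have already been written to `user` and later ones are skipped. Whether that partial state is persisted depends on code outside this hunk, and validating before mutating `user` would avoid the question. Both lines carry over unchanged into PATCH 2/2.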
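Review bot: A rejected number is indistinguishable from a successful save, because the branch under `if len(num) < 9 or len(num) > 15:` redirects to `/profile` without a message to the user or a log entry. An empty submission also lands in that branch, so a user who leaves the phone field blank, or wants to clear a stored number, has the request dropped; if clearing is meant to be allowed, handle `if not num:` before the range check. The bounds would read better as named constants, for example `MIN_PHONE_DIGITS = 9` and `MAX_PHONE_DIGITS = 15`, with the comment placed next to them. `profile_edit` starts and ends outside the hunk, so what feedback mechanism is available is not visible here.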